diff --git a/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java b/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java index a368944..102988d 100644 --- a/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java +++ b/src/main/java/com/skycrate/backend/skycrateBackend/config/SecurityConfiguration.java @@ -49,18 +49,33 @@ public class SecurityConfiguration { return http.build(); } +// @Bean +// CorsConfigurationSource corsConfigurationSource() { +// CorsConfiguration configuration = new CorsConfiguration(); +// +// configuration.setAllowedOrigins(List.of("*")); +// configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST")); +// configuration.setAllowedHeaders(List.of("Authorization", "Content-Type")); +// +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// +// source.registerCorsConfiguration("/**", configuration); +// +// return source; +// } + @Bean CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - - configuration.setAllowedOrigins(List.of("*")); - configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST")); - configuration.setAllowedHeaders(List.of("Authorization", "Content-Type")); + configuration.setAllowedOrigins(List.of("http://localhost:5173")); // Replace with your frontend origin(s) + configuration.setAllowedMethods(List.of("GET", "PUT", "DELETE", "POST", "OPTIONS")); + configuration.setAllowedHeaders(List.of("*")); + configuration.setExposedHeaders(List.of("Authorization")); + configuration.setAllowCredentials(true); // Important when using Authorization headers UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - return source; } + }