Closes kafbat#535, allowing to configure cors through spring properties

aditya-baldwa · Oct 19, 2024 · 1f9e6f3 · 1f9e6f3
1 parent c8a8759
commit 1f9e6f3
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 4 deletions.
diff --git a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
@@ -1,5 +1,6 @@
 package io.kafbat.ui.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpHeaders;
@@ -15,17 +16,20 @@
 @Configuration
 public class CorsGlobalConfiguration {
 
+  @Autowired
+  private CorsProperties corsProperties;
+
   @Bean
   public WebFilter corsFilter() {
     return (final ServerWebExchange ctx, final WebFilterChain chain) -> {
       final ServerHttpRequest request = ctx.getRequest();
 
       final ServerHttpResponse response = ctx.getResponse();
       final HttpHeaders headers = response.getHeaders();
-      headers.add("Access-Control-Allow-Origin", "*");
-      headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
-      headers.add("Access-Control-Max-Age", "3600");
-      headers.add("Access-Control-Allow-Headers", "Content-Type");
+      headers.add("Access-Control-Allow-Origin", corsProperties.getAllowedOrigins());
+      headers.add("Access-Control-Allow-Methods", corsProperties.getAllowedMethods());
+      headers.add("Access-Control-Max-Age", corsProperties.getMaxAge());
+      headers.add("Access-Control-Allow-Headers", corsProperties.getAllowedHeaders());
 
       if (request.getMethod() == HttpMethod.OPTIONS) {
         response.setStatusCode(HttpStatus.OK);

diff --git a/api/src/main/java/io/kafbat/ui/config/CorsProperties.java b/api/src/main/java/io/kafbat/ui/config/CorsProperties.java
@@ -0,0 +1,18 @@
+package io.kafbat.ui.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import lombok.Data;
+
+@Component
+@ConfigurationProperties(prefix = "cors")
+@Data
+
+public class CorsProperties {
+
+  private String allowedOrigins;
+  private String allowedMethods;
+  private String allowedHeaders;
+  private String maxAge;
+
+}
diff --git a/api/src/main/resources/application.yml b/api/src/main/resources/application.yml
@@ -19,3 +19,9 @@ logging:
     reactor.netty.http.server.AccessLog: INFO
     org.hibernate.validator: WARN
 
+cors:
+  allowed-origins: "*"
+  allowed-methods: "GET, PUT, POST, DELETE, OPTIONS"
+  allowed-headers: "Content-Type"
+  max-age: "3600"
+