Don't be very specific on which origins we allow cross origin from

Martin Asprusten 2026-04-12 02:28:03 +02:00
parent 3caf3cdb9e
commit 753b757d57
No known key found for this signature in database


@ -43,6 +43,9 @@ public class Server {
@Value("${sykkelaksjon.openid.clientId}")
private String clientId;
@Value("$(sykkelaksjon.base-url)")
private String baseUrl;
private ActivityType getActivityTypeMessage(no.asprusten.sykkelaksjon.db.datatypes.ActivityType activityType) {
ActivityType activityTypeMessage = new ActivityType();
activityTypeMessage.setId(activityType.getId());
@ -71,7 +74,7 @@ public class Server {
return activityMessage;
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@GetMapping("/api")
public ServerMessageSchema respondToRequest() throws ServerExceptionHandler.InvalidUserException {
var optionalUserProfile = profileManager.getProfile();
@ -179,7 +182,7 @@ public class Server {
return serverMessage;
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/submitActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void submitActivity(
@RequestParam("activity-type") Long activityTypeId,
@ -204,7 +207,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/submitActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void submitActivityTemplate(
@RequestParam("activity-type") Long activityTypeId,
@ -229,7 +232,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivityTemplate(@RequestParam("activity-template-id") Long activityTemplateId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -244,7 +247,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivity(@RequestParam("activity-id") Long activityId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -259,7 +262,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/addActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void createActivityType(
@RequestParam("activity-type-name") String name,
@ -279,7 +282,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivityType(@RequestParam("activity-type-id") Long activityTypeId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -292,7 +295,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PutMapping(path = "/api/makeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void makeAdmin(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -308,7 +311,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PutMapping(path = "/api/removeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void removeAdmin(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -324,7 +327,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteUser", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteUser(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -337,7 +340,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@GetMapping(path = "/api/openid")
public OpenidSchema provideOpenidConfig() {
OpenidSchema openidSchema = new OpenidSchema();
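Review bot: Bare `@CrossOrigin` on the eleven handlers from `/api` to `/api/openid` allows every origin, including the state-changing `makeAdmin`, `removeAdmin` and `deleteUser` routes, and it also drops `allowCredentials = "true"`. On current Spring versions that means no `Access-Control-Allow-Credentials` header is sent, so a cookie-based frontend on another origin would likely stop working; how `profileManager.getProfile()` authenticates is not visible here, so this needs confirming. An allow-list taken from configuration avoids opening the API to all sites, for example `@CrossOrigin(origins = "${sykkelaksjon.base-url}", allowCredentials = "true")` once on the class, assuming that property holds the frontend origin. The new field in the first hunk cannot supply it as written, because `@Value("$(sykkelaksjon.base-url)")` uses parentheses and Spring would inject the literal text; it should read `@Value("${sykkelaksjon.base-url}")`. The handler bodies and the class declaration lie outside the hunks.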