From 753b757d579a37463c3416d92db2ba9add187107 Mon Sep 17 00:00:00 2001
From: Martin Asprusten
Date: Sun, 12 Apr 2026 02:28:03 +0200
Subject: [PATCH] Don't be very specific on which origins we allow cross origin from
---
 .../no/asprusten/sykkelaksjon/Server.java | 25 +++++++++++-------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/server/src/main/java/no/asprusten/sykkelaksjon/Server.java b/server/src/main/java/no/asprusten/sykkelaksjon/Server.java
index 785c400..102f35f 100644
--- a/server/src/main/java/no/asprusten/sykkelaksjon/Server.java
+++ b/server/src/main/java/no/asprusten/sykkelaksjon/Server.java
@@ -43,6 +43,9 @@ public class Server {
 @Value("${sykkelaksjon.openid.clientId}")
 private String clientId;
 
+ @Value("$(sykkelaksjon.base-url)")
+ private String baseUrl;
+
 private ActivityType getActivityTypeMessage(no.asprusten.sykkelaksjon.db.datatypes.ActivityType activityType) {
 ActivityType activityTypeMessage = new ActivityType();
 activityTypeMessage.setId(activityType.getId());
@@ -71,7 +74,7 @@ public class Server {
 return activityMessage;
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @GetMapping("/api")
 public ServerMessageSchema respondToRequest() throws ServerExceptionHandler.InvalidUserException {
 var optionalUserProfile = profileManager.getProfile();
@@ -179,7 +182,7 @@ public class Server {
 return serverMessage;
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @PostMapping(path = "/api/submitActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void submitActivity(
 @RequestParam("activity-type") Long activityTypeId,
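Review bot: The placeholder in the added `@Value("$(sykkelaksjon.base-url)")` uses parentheses, so Spring will not treat it as a property reference and `baseUrl` would receive the literal string; the `clientId` field directly above uses the `${...}` form. The line should read `@Value("${sykkelaksjon.base-url}")`. Nothing in the visible hunks reads `baseUrl` yet, so the mistake would presumably go unnoticed until the field is wired into the CORS setup or elsewhere.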
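Review bot: The bare `@CrossOrigin` on `respondToRequest` (`/api`) falls back to Spring's defaults, which allow every origin and leave credentials disabled, so the policy widens from one named origin to any site; the same replacement is made in the hunks for `submitActivity`, `submitActivityTemplate`, `deleteActivityTemplate`, `deleteActivity`, `createActivityType`, `deleteActivityType`, `makeAdmin`, `removeAdmin`, `deleteUser` and `provideOpenidConfig`. Because the handlers appear to depend on `profileManager.getProfile()`, dropping `allowCredentials = "true"` will likely also make browsers refuse credentialed calls from a front end served on another origin. The `baseUrl` field added in the first hunk suggests the intent was to allow only the configured origin, for example `@CrossOrigin(origins = "${sykkelaksjon.base-url}", allowCredentials = "true")` placed once on the `Server` class instead of on each method, assuming the Spring version in use resolves placeholders in `origins`. Cross-origin policy is not an authorization control either, so `makeAdmin`, `removeAdmin` and `deleteUser` still need their role check inside the handler; those bodies lie outside these hunks.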
@@ -204,7 +207,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @PostMapping(path = "/api/submitActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void submitActivityTemplate(
 @RequestParam("activity-type") Long activityTypeId,
@@ -229,7 +232,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @DeleteMapping(path = "/api/deleteActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void deleteActivityTemplate(@RequestParam("activity-template-id") Long activityTemplateId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -244,7 +247,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @DeleteMapping(path = "/api/deleteActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void deleteActivity(@RequestParam("activity-id") Long activityId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -259,7 +262,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @PostMapping(path = "/api/addActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void createActivityType(
 @RequestParam("activity-type-name") String name,
@@ -279,7 +282,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @DeleteMapping(path = "/api/deleteActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void deleteActivityType(@RequestParam("activity-type-id") Long activityTypeId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -292,7 +295,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @PutMapping(path = "/api/makeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void makeAdmin(@RequestParam("user-id") Long userId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -308,7 +311,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @PutMapping(path = "/api/removeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void removeAdmin(@RequestParam("user-id") Long userId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -324,7 +327,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @DeleteMapping(path = "/api/deleteUser", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
 public void deleteUser(@RequestParam("user-id") Long userId) {
 profileManager.getProfile().ifPresent(userProfile -> {
@@ -337,7 +340,7 @@ public class Server {
 });
 }
 
- @CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
+ @CrossOrigin
 @GetMapping(path = "/api/openid")
 public OpenidSchema provideOpenidConfig() {
 OpenidSchema openidSchema = new OpenidSchema();