martin/Sykkelaksjon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't be very specific on which origins we allow cross origin from

Browse Source
This commit is contained in:
Martin Asprusten 2026-04-12 02:28:03 +02:00
parent 3caf3cdb9e
commit 753b757d57
No known key found for this signature in database
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
server/src/main/java/no/asprusten/sykkelaksjon/Server.java
View File

@ -43,6 +43,9 @@ public class Server {
@Value("${sykkelaksjon.openid.clientId}")
private String clientId;
@Value("$(sykkelaksjon.base-url)")
private String baseUrl;
private ActivityType getActivityTypeMessage(no.asprusten.sykkelaksjon.db.datatypes.ActivityType activityType) {
ActivityType activityTypeMessage = new ActivityType();
activityTypeMessage.setId(activityType.getId());
@ -71,7 +74,7 @@ public class Server {
return activityMessage;
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@GetMapping("/api")
public ServerMessageSchema respondToRequest() throws ServerExceptionHandler.InvalidUserException {
var optionalUserProfile = profileManager.getProfile();
@ -179,7 +182,7 @@ public class Server {
return serverMessage;
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/submitActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void submitActivity(
@RequestParam("activity-type") Long activityTypeId,
@ -204,7 +207,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/submitActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void submitActivityTemplate(
@RequestParam("activity-type") Long activityTypeId,
@ -229,7 +232,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivityTemplate", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivityTemplate(@RequestParam("activity-template-id") Long activityTemplateId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -244,7 +247,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivity", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivity(@RequestParam("activity-id") Long activityId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -259,7 +262,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PostMapping(path = "/api/addActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void createActivityType(
@RequestParam("activity-type-name") String name,
@ -279,7 +282,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteActivityType", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteActivityType(@RequestParam("activity-type-id") Long activityTypeId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -292,7 +295,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PutMapping(path = "/api/makeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void makeAdmin(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -308,7 +311,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@PutMapping(path = "/api/removeAdmin", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void removeAdmin(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -324,7 +327,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@DeleteMapping(path = "/api/deleteUser", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
public void deleteUser(@RequestParam("user-id") Long userId) {
profileManager.getProfile().ifPresent(userProfile -> {
@ -337,7 +340,7 @@ public class Server {
});
}
@CrossOrigin(allowCredentials = "true", origins = {"http://localhost:5173"})
@CrossOrigin
@GetMapping(path = "/api/openid")
public OpenidSchema provideOpenidConfig() {
OpenidSchema openidSchema = new OpenidSchema();