diff --git a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
index 4713dfd37..714fa349a 100644
--- a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
+++ b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
@@ -1,5 +1,6 @@
 package io.kafbat.ui.config;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpHeaders;
@@ -15,6 +16,9 @@
 @Configuration
 public class CorsGlobalConfiguration {
+ @Autowired
+ private CorsProperties corsProperties;
+
 @Bean
 public WebFilter corsFilter() {
 return (final ServerWebExchange ctx, final WebFilterChain chain) -> {
@@ -22,10 +26,10 @@ public WebFilter corsFilter() {
 final ServerHttpResponse response = ctx.getResponse();
 final HttpHeaders headers = response.getHeaders();
- headers.add("Access-Control-Allow-Origin", "*");
- headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
- headers.add("Access-Control-Max-Age", "3600");
- headers.add("Access-Control-Allow-Headers", "Content-Type");
+ headers.add("Access-Control-Allow-Origin", corsProperties.getAllowedOrigins());
+ headers.add("Access-Control-Allow-Methods", corsProperties.getAllowedMethods());
+ headers.add("Access-Control-Max-Age", corsProperties.getMaxAge());
+ headers.add("Access-Control-Allow-Headers", corsProperties.getAllowedHeaders());
 if (request.getMethod() == HttpMethod.OPTIONS) {
 response.setStatusCode(HttpStatus.OK);
diff --git a/api/src/main/java/io/kafbat/ui/config/CorsProperties.java b/api/src/main/java/io/kafbat/ui/config/CorsProperties.java
new file mode 100644
index 000000000..a3c1a47ea
--- /dev/null
+++ b/api/src/main/java/io/kafbat/ui/config/CorsProperties.java
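Review bot: `corsProperties` is field-injected and non-final in the lines added at the top of `CorsGlobalConfiguration`, so the class cannot be built in a unit test without reflection and nothing guarantees the dependency is set before `corsFilter()` runs. Constructor injection keeps it immutable: `private final CorsProperties corsProperties;` plus a constructor taking it, or Lombok's `@RequiredArgsConstructor`, since Lombok is already used by `CorsProperties` in this change. That also makes the new `Autowired` import unnecessary. The class body continues outside this hunk.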
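Review bot: `Access-Control-Allow-Origin` is still written unconditionally and verbatim from `cors.allowed-origins`, without looking at the request's `Origin`. The header accepts a single origin or `*`, so an operator who follows the plural property name and configures a comma-separated list ends up with a value browsers reject, and the only setting that works for more than one origin remains `*`. Matching the request origin against the configured list and echoing the entry that matched, with `Vary: Origin` so caches do not reuse it across origins, would make the restriction usable; Spring's `CorsWebFilter` with a `CorsConfiguration` performs this matching and may be simpler than extending the hand-written filter. The lambda in `corsFilter()` starts and ends outside this hunk, and `request` is declared there.

```java
final String configured = corsProperties.getAllowedOrigins();
final String origin = request.getHeaders().getOrigin();
if ("*".equals(configured)) {
  headers.set("Access-Control-Allow-Origin", "*");
} else if (origin != null && configured != null
    && Arrays.asList(configured.trim().split("\\s*,\\s*")).contains(origin)) {
  // The header carries exactly one origin, so echo the entry that matched.
  headers.set("Access-Control-Allow-Origin", origin);
  headers.add(HttpHeaders.VARY, HttpHeaders.ORIGIN);
}
// … unchanged: Allow-Methods, Max-Age and Allow-Headers lines, OPTIONS handling …
```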
@@ -0,0 +1,18 @@
+package io.kafbat.ui.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import lombok.Data;
+
+@Component
+@ConfigurationProperties(prefix = "cors")
+@Data
+
+public class CorsProperties {
+
+ private String allowedOrigins;
+ private String allowedMethods;
+ private String allowedHeaders;
+ private String maxAge;
+
+}
diff --git a/api/src/main/resources/application.yml b/api/src/main/resources/application.yml
index ba26c1f9c..d62e9cb39 100644
--- a/api/src/main/resources/application.yml
+++ b/api/src/main/resources/application.yml
@@ -19,3 +19,9 @@ logging:
 reactor.netty.http.server.AccessLog: INFO
 org.hibernate.validator: WARN
+cors:
+ allowed-origins: "*"
+ allowed-methods: "GET, PUT, POST, DELETE, OPTIONS"
+ allowed-headers: "Content-Type"
+ max-age: "3600"
+
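Review bot: None of the four fields in `CorsProperties` is validated or given a default in the class, so a deployment that replaces the bundled `application.yml` or blanks a `cors.*` key gets a null or empty value passed to `headers.add(...)` on every request instead of a failure at startup. Adding `@Validated` on the class and `@NotBlank` on each field would surface that at boot, assuming bean validation is on the classpath (the logging configuration mentions `org.hibernate.validator`). A short class Javadoc stating that `allowedOrigins` is copied directly into `Access-Control-Allow-Origin` would also help operators, and the blank line between `@Data` and the class declaration can be removed.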
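Review bot: The shipped default `allowed-origins: "*"` keeps the API readable from any web origin unless an operator overrides it, and nothing next to the new `cors:` block says so. A comment above the key would make the choice visible, for example `# "*" allows any origin to read API responses; set this to the UI's origin when the API is reachable beyond a trusted network`. Because the filter copies the value straight into the response header, the comment should also state that only `*` or a single origin is a valid value as the code stands.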