From 285388a8575099412915bdfb95d0d0aa28c438d9 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <p.gawron@atcomp.pl>
Date: Tue, 18 Mar 2025 18:49:51 +0100
Subject: [PATCH] fix cors issue

---
 .../mapviewer/web/bean/utils/CORSFilter.java  | 28 ++++++---------
 .../AuthenticationSuccessHandlerImpl.java     | 36 +++++++++++--------
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/web/src/main/java/lcsb/mapviewer/web/bean/utils/CORSFilter.java b/web/src/main/java/lcsb/mapviewer/web/bean/utils/CORSFilter.java
index 0055db2fa9..82f81b3552 100644
--- a/web/src/main/java/lcsb/mapviewer/web/bean/utils/CORSFilter.java
+++ b/web/src/main/java/lcsb/mapviewer/web/bean/utils/CORSFilter.java
@@ -1,6 +1,8 @@
 package lcsb.mapviewer.web.bean.utils;
 
-import java.io.IOException;
+import lcsb.mapviewer.common.Configuration;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -10,24 +12,10 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import lcsb.mapviewer.common.Configuration;
-
-/**
- * This filter enables ajax queries from all domains. It should be used for
- * restfull API.
- * 
- * @author Piotr Gawron
- *
- */
 public class CORSFilter implements Filter {
-  /**
-   * Default class logger.
-   */
-  @SuppressWarnings("unused")
+
   private final Logger logger = LogManager.getLogger();
 
   @Override
@@ -45,6 +33,12 @@ public class CORSFilter implements Filter {
       origin = "*";
     }
     response.setHeader("Access-Control-Allow-Origin", origin);
+    response.setHeader("Access-Control-Allow-Credentials", "true");
+    response.setHeader("Access-Control-Allow-Headers",
+        "Access-Control-Allow-Headers, "
+            + "Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+    response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS");
+
     chain.doFilter(req, response);
   }
 
diff --git a/web/src/main/java/lcsb/mapviewer/web/config/AuthenticationSuccessHandlerImpl.java b/web/src/main/java/lcsb/mapviewer/web/config/AuthenticationSuccessHandlerImpl.java
index 36348c7cdd..45aa48347b 100644
--- a/web/src/main/java/lcsb/mapviewer/web/config/AuthenticationSuccessHandlerImpl.java
+++ b/web/src/main/java/lcsb/mapviewer/web/config/AuthenticationSuccessHandlerImpl.java
@@ -1,13 +1,10 @@
 package lcsb.mapviewer.web.config;
 
-import java.io.IOException;
-import java.util.Map;
-import java.util.TreeMap;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lcsb.mapviewer.common.Configuration;
+import lcsb.mapviewer.model.user.User;
+import lcsb.mapviewer.services.interfaces.IUserService;
+import lcsb.mapviewer.web.bean.utils.CORSFilter;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.http.HttpStatus;
@@ -15,18 +12,22 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import lcsb.mapviewer.common.Configuration;
-import lcsb.mapviewer.model.user.User;
-import lcsb.mapviewer.services.interfaces.IUserService;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Map;
+import java.util.TreeMap;
 
 @Component
 public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
 
-  private static Logger logger = LogManager.getLogger();
+  private static final Logger logger = LogManager.getLogger();
 
-  private IUserService userService;
+  private final IUserService userService;
 
   public AuthenticationSuccessHandlerImpl(final IUserService userService) {
     this.userService = userService;
@@ -64,6 +65,11 @@ public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHa
       response.setContentType("application/json");
       response.getWriter().print(json);
 
+      new CORSFilter().doFilter(request, response, new FilterChain() {
+        @Override
+        public void doFilter(final ServletRequest request, final ServletResponse response) throws IOException, ServletException {
+        }
+      });
     }
 
   }
-- 
GitLab