revised CORS config for lalowed origins

2026-05-14 14:57:25 +02:00
parent 463fbd8332
commit ef09a3c84d
3 changed files with 6 additions and 15 deletions
@@ -8,16 +8,13 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
 public class CorsConfig implements WebMvcConfigurer {
-    @Value("${vaessl.frontend-local-url}")
+    @Value("${vaessl.allowed-origins}")
-    private String frontendLocalUrl;
+    private String[] allowedOrigins;
    @Value("${vaessl.frontend-public-url}")
    private String frontendPublicUrl;
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
-                .allowedOrigins(frontendLocalUrl, frontendPublicUrl)
+                .allowedOrigins(allowedOrigins)
                .allowedMethods("GET", "POST", "DELETE", "OPTIONS")
                .allowedHeaders("Content-Type", "Accept")
                .allowCredentials(true);
@@ -5,13 +5,8 @@
    "description": "A description for 'spring.session.store-type'"
  },
  {
-    "name": "vaessl.frontend-local-url",
+    "name": "vaessl.allowed-origins",
    "type": "java.lang.String",
-    "description": "A description for 'vaessl.frontend-local-url'"
+    "description": "Comma-separated list of allowed CORS origins"
  },
  {
    "name": "vaessl.frontend-public-url",
    "type": "java.lang.String",
    "description": "A description for 'vaessl.frontend-public-url'"
  }
 ]}
@@ -30,5 +30,4 @@ server:
  servlet:
    context-path: /api
 vaessl:
-  frontend-local-url: ${FRONTEND_LOCAL_URL}
+  allowed-origins: ${ALLOWED_ORIGINS}
  frontend-public-url: ${FRONTEND_PUBLIC_URL}