CORS
Description
Adds CORS support to the core.
CORS is a security feature enforced by the browser. Now the UI could potentially be served from a different origin, browsers may block API calls to the core. This MR introduces ways to whitelist such origins.
Changes
- The global settings are actually global now and are loaded statically before the server boots
- The security configuration has been restructured to make more sense.
Additions
- A CORS allowed API origins setting, which is a list of permitted origins. This has to be edited into the settings.json file, however; the settings UI breaks this but I'd rather clean all the bathrooms in the library with my tongue than fix the old settings UI
- A CORS preflight patch filter, which awards a CORS-specific authorization to preflight requests only.
- A CORS error header-patch filter, which forces headers upon valid CORS requests where Spring didn't add any
Test and Review
To be filled in by the reviewers
-
All of the methods are commented to expectation -
The methods are tested to satisfaction -
There are no unnecessary files present in the MR -
The continuous integration has no problems with the MR -
The MR is filled in as requested (including labels, milestones, and reviewers) -
The documentation is up-to-date -
All nullable parameters are marked as such
Edited by Erik Oudsen