chore: add cors

deploy/demo/env.yaml

@@ -45,4 +45,6 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: commonurl-demo
-                  key: ORGANIZATION_CATALOG_BASE_URI
+                  key: ORGANIZATION_CATALOG_BASE_URI
+            - name: CORS_ORIGIN_PATTERNS
+              value: https://demo.fellesdatakatalog.digdir.no,https://*.demo.fellesdatakatalog.digdir.no

deploy/prod/env.yaml

@@ -45,4 +45,6 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: commonurl-prod
-                  key: ORGANIZATION_CATALOG_BASE_URI
+                  key: ORGANIZATION_CATALOG_BASE_URI
+            - name: CORS_ORIGIN_PATTERNS
+              value: https://fellesdatakatalog.digdir.no,https://*.fellesdatakatalog.digdir.no,https://data.norge.no,https://data.transportportal.no,https://transportportal.no

deploy/staging/env.yaml

@@ -48,3 +48,5 @@ spec:
                 secretKeyRef:
                   name: commonurl-staging
                   key: ORGANIZATION_CATALOG_BASE_URI
+            - name: CORS_ORIGIN_PATTERNS
+              value: https://staging.fellesdatakatalog.digdir.no,https://*.staging.fellesdatakatalog.digdir.no,http://localhost:*

src/main/kotlin/no/digdir/organizationcatalog/security/SecurityConfig.kt

@@ -1,5 +1,8 @@
 package no.digdir.organizationcatalog.security
 
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -12,12 +15,28 @@ import org.springframework.security.web.SecurityFilterChain
 import org.springframework.web.cors.CorsConfiguration
 
 @Configuration
-open class SecurityConfig {
+open class SecurityConfig(
+    @Value("\${application.cors.originPatterns}")
+    val corsOriginPatterns: Array<String>
+) {
 
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http
-            .cors { }
+            .cors { cors ->
+                cors.configurationSource { _ ->
+                    val config = CorsConfiguration()
+                    config.allowCredentials = false
+                    config.allowedHeaders = listOf("*")
+                    config.maxAge = 3600L
+                    config.allowedOriginPatterns = corsOriginPatterns.toList()
+                    config.allowedMethods = listOf("GET", "POST", "OPTIONS", "DELETE", "PUT")
+
+                    logger.debug("CORS configuration allowed origin patterns: {}", config.allowedOriginPatterns)
+
+                    config
+                }
+            }
             .csrf { it.disable() }
             .authorizeHttpRequests { authorize ->
                 authorize.requestMatchers(HttpMethod.OPTIONS).permitAll()
@@ -40,4 +59,8 @@ open class SecurityConfig {
         )
         return jwtDecoder
     }
+
+    companion object {
+        private val logger: Logger = LoggerFactory.getLogger(SecurityConfig::class.java)
+    }
 }

src/main/resources/application-develop.properties

@@ -7,5 +7,6 @@ application.organizationCatalogUrl: http://localhost:8140/organizations/
 application.municipalityUrl: https://data.geonorge.no/administrativeEnheter/kommune/id/
 application.testOrganizations: 555111290,568843537,910131028,910244132,910258028,910298062,910888447,911259583,911527170,916285515,973633449
 application.defaultOrgPath: /ANNET/
+application.cors.originPatterns: *
 
 server.port: 8140

src/main/resources/application-test.properties

@@ -8,3 +8,4 @@ application.organizationCatalogUrl: http://localhost:5050/organizations/
 application.municipalityUrl: http://localhost:5050/administrativeEnheter/kommune/id/
 application.testOrganizations: 555111290,568843537,910131028,910244132,910258028,910298062,910888447,911259583,911527170,916285515,973633449
 application.defaultOrgPath: /ANNET/
+application.cors.originPatterns: *

src/main/resources/application.properties

@@ -15,5 +15,6 @@ application.organizationCatalogUrl: ${ORGANIZATION_CATALOG_HOST:https://organiza
 application.municipalityUrl: ${GEONORGE_MUNICIPALITY_URL:https://data.geonorge.no/administrativeEnheter/kommune/id/}
 application.testOrganizations: 555111290,568843537,910131028,910244132,910258028,910298062,910888447,911259583,911527170,916285515,973633449
 application.defaultOrgPath: /ANNET/
+application.cors.originPatterns: ${CORS_ORIGIN_PATTERNS}
 
 server.port: 8080