fix: Access-Control-Allow-Origin response header is added

Author: kevalkanp1011

src/main/java/com/iemr/common/config/CorsConfig.java

@@ -14,7 +14,7 @@ public class CorsConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                .allowedOriginPatterns(allowedOrigins.split(","))
+                .allowedOrigins(allowedOrigins.split(","))
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                 .allowedHeaders("*")
                 .exposedHeaders("Authorization", "Jwttoken") // Explicitly expose headers if needed

src/main/java/com/iemr/common/utils/DynamicCorsFilter.java

@@ -0,0 +1,37 @@
+package com.iemr.common.utils;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+@Component
+public class DynamicCorsFilter extends OncePerRequestFilter {
+
+    @Value("${cors.allowed-origins}")
+    private String[] allowedOrigins;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String origin = request.getHeader("Origin");
+        if (origin != null && Arrays.asList(allowedOrigins).contains(origin)) {
+            response.setHeader("Access-Control-Allow-Origin", origin);
+        }
+
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            response.setStatus(HttpServletResponse.SC_OK);
+        } else {
+            filterChain.doFilter(request, response);
+        }
+    }
+}