Skip to content

feat(cors): Global CORS Configuration for AMRIT API Services #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

feat(cors): Global CORS Configuration for AMRIT API Services #182

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
62aa438
global corsconfig added. corsconfig removed from IEMRAdminController
kevalkanp1011 Apr 10, 2025
b7c718e
corsconfig removed all controllers, global corsconfig modified
kevalkanp1011 Apr 14, 2025
078876c
refactor: unused import removed
kevalkanp1011 Apr 14, 2025
38a62c4
Resolved conflict from merging upstream/develop
kevalkanp1011 Apr 14, 2025
b579d56
fix: Access-Control-Allow-Origin response header is added
kevalkanp1011 May 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/main/environment/common_ci.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,5 +167,7 @@ grievanceAllocationRetryConfiguration=3
start-grievancedatasync-scheduler=false
cron-scheduler-grievancedatasync=0 0/2 * * * ?

cors.allowed-origins=
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

πŸ’‘ Verification agent

🧩 Analysis chain

Empty value for CORS allowed origins

The cors.allowed-origins property has been added but left empty. This could lead to either all cross-origin requests being blocked or potentially allowing all origins depending on how the property is processed in the CorsConfig class.

Please specify appropriate values for this property based on your environment requirements. Typical values might include:

  • Specific domain: https://example.com
  • Multiple domains: https://example.com,https://another-example.com
  • Wildcard: * (allows all origins, but should be used cautiously in production)

🏁 Script executed:

#!/bin/bash
# Check how cors.allowed-origins is being used in the code
grep -r "cors.allowed-origins" --include="*.java" .

Length of output: 144

Action: Update CORS Allowed Origins Configuration

The cors.allowed-origins property in src/main/environment/common_ci.properties is currently empty. The property is injected in CorsConfig.java via @Value("${cors.allowed-origins}"), meaning that if this value remains unset, the application’s CORS behavior could inadvertently either block all cross-origin requests or potentially allow all origins depending on the internal processing logic.

Please specify the correct origin(s) based on your environment requirements. For example:

  • A specific domain: https://example.com
  • Multiple domains: https://example.com,https://another-example.com
  • A wildcard (*): Use cautiously in non-production setups




25 changes: 25 additions & 0 deletions src/main/java/com/iemr/common/config/CorsConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package com.iemr.common.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {

@Value("${cors.allowed-origins}")
private String allowedOrigins;

@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins(allowedOrigins.split(","))
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders("*")
.exposedHeaders("Authorization", "Jwttoken") // Explicitly expose headers if needed
.allowCredentials(true)
.maxAge(3600)
;
}
}
6 changes: 1 addition & 5 deletions src/main/java/com/iemr/common/controller/abdmfacility/AbdmFacilityController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,15 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.iemr.common.service.abdmfacility.AbdmFacilityService;
import com.iemr.common.utils.response.OutputResponse;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.parameters.RequestBody;

@RequestMapping({ "/facility" })
@RestController
Expand All @@ -24,8 +21,7 @@ public class AbdmFacilityController {

@Autowired
private AbdmFacilityService abdmFacilityService;

@CrossOrigin

@Operation(summary = "Get Abdm facility mapped to worklocation")
@GetMapping(value = { "/getWorklocationMappedAbdmFacility/{workLocationId}" })
public String getAbdmFacilityDetails(@PathVariable int workLocationId, @RequestHeader(value = "Authorization") String Authorization) {
Expand Down
Loading
Loading