From db34082a1cb670122ce407cf7f0e95ff76d4f8e2 Mon Sep 17 00:00:00 2001
From: Jeremias Weber <jeremias.weber@cloudogu.com>
Date: Thu, 22 Aug 2024 13:41:56 +0200
Subject: [PATCH] Allow all cross-origin requests in development stage

---
 CHANGELOG.md                                | 3 +++
 resources/etc/cas/config/cas.properties.tpl | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c70b4664..fb54a7ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Changed
+- Set CORS Allow-Origin Header to `*` in stage `development`.
+  - This improves Dogu development but has no effects in production.
 
 ## [v7.0.5.1-5] - 2024-08-20
 ### Fixed
diff --git a/resources/etc/cas/config/cas.properties.tpl b/resources/etc/cas/config/cas.properties.tpl
index b40183cb..7e72e23f 100644
--- a/resources/etc/cas/config/cas.properties.tpl
+++ b/resources/etc/cas/config/cas.properties.tpl
@@ -271,4 +271,9 @@ cas.authn.oauth.code.numberOfUses=1
 # Access Token (Session) is valid for 1 day (= 86000 seconds)
 cas.authn.oauth.accessToken.timeToKillInSeconds=86000
 cas.authn.oauth.accessToken.maxTimeToLiveInSeconds=86000
-########################################################################################################################
\ No newline at end of file
+########################################################################################################################
+
+{{ if eq (.GlobalConfig.GetOrDefault "stage" "production") "development"}}
+cas.http-web-request.cors.enabled=true
+cas.http-web-request.cors.allow-origin-patterns=*
+{{ end }}
\ No newline at end of file