Allow cross-origin requests from spring.io and enterprise.spring.io

Closes gh-26

src/main/java/io/spring/calendar/release/ReleaseEventsController.java

@@ -28,6 +28,7 @@
 
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -42,6 +43,7 @@
  */
 @RestController
 @RequestMapping("/releases")
+@CrossOrigin(origins = { "https://spring.io", "https://enterprise.spring.io" })
 class ReleaseEventsController {
 
 	private final ReleaseRepository releaseRepository;

src/main/java/io/spring/calendar/release/ReleaseICalController.java

@@ -25,6 +25,7 @@
 import biweekly.component.VEvent;
 import io.spring.calendar.release.Release.Type;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -36,6 +37,7 @@
  */
 @RestController
 @RequestMapping("/ical")
+@CrossOrigin(origins = { "https://spring.io", "https://enterprise.spring.io" })
 class ReleaseICalController {
 
 	private final ReleaseRepository releaseRepository;

src/test/java/io/spring/calendar/release/ReleaseEventsControllerTests.java

@@ -22,10 +22,13 @@
 import io.spring.calendar.release.Release.Status;
 import io.spring.calendar.release.Release.Type;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.http.HttpHeaders;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
@@ -82,4 +85,20 @@ void whenReleasesWithTypeIsCalledThenReleasesOfTypeInPeriodAreReturned() throws
 				.json("[{\"allDay\":true,\"backgroundColor\":\"#6db33f\",\"start\":\"2024-06-01\",\"title\":\"Spring Boot 3.3.1\"}]"));
 	}
 
+	@ParameterizedTest
+	@ValueSource(strings = { "https://spring.io", "https://enterprise.spring.io" })
+	void releasesAllowsCrossOriginRequestsFromSpringIo(String origin) throws Exception {
+		this.mvc
+			.perform(MockMvcRequestBuilders.get("/releases?start=2024-06-01&end=2024-06-02").header("Origin", origin))
+			.andExpect(MockMvcResultMatchers.header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin));
+	}
+
+	@Test
+	void releasesDoesNotAllowCrossOriginRequestsFromElsewhere() throws Exception {
+		this.mvc
+			.perform(MockMvcRequestBuilders.get("/releases?start=2024-06-01&end=2024-06-02")
+				.header("Origin", "https://example.com"))
+			.andExpect(MockMvcResultMatchers.header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
+	}
+
 }

src/test/java/io/spring/calendar/release/ReleaseICalControllerTests.java

@@ -24,12 +24,16 @@
 import io.spring.calendar.release.Release.Status;
 import io.spring.calendar.release.Release.Type;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.http.HttpHeaders;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.BDDMockito.given;
@@ -98,6 +102,19 @@ void givenSomeReleasesWhenIcalIsCalledWithOssThenSingleCalendarIsReturnedWithOne
 		});
 	}
 
+	@ParameterizedTest
+	@ValueSource(strings = { "https://spring.io", "https://enterprise.spring.io" })
+	void icalAllowsCrossOriginRequestsFromSpringIo(String origin) throws Exception {
+		this.mvc.perform(MockMvcRequestBuilders.get("/ical").header("Origin", origin))
+			.andExpect(MockMvcResultMatchers.header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin));
+	}
+
+	@Test
+	void icalDoesNotAllowCrossOriginRequestsFromElsewhere() throws Exception {
+		this.mvc.perform(MockMvcRequestBuilders.get("/ical").header("Origin", "https://example.com"))
+			.andExpect(MockMvcResultMatchers.header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
+	}
+
 	private List<ICalendar> calendars(String url) throws Exception {
 		String responseBody = this.mvc.perform(MockMvcRequestBuilders.get(url))
 			.andReturn()