From fb51944b556d4dc682da4263847df52290e3a414 Mon Sep 17 00:00:00 2001
From: Doris Lam <dlam@jpl.nasa.gov>
Date: Tue, 19 Jul 2022 17:29:40 -0700
Subject: [PATCH 1/2] add cors option feature

---
 .../org/openmbee/mms/mmsri/config/SecurityConfig.java     | 8 +++++++-
 src/main/resources/application.properties.example         | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
index 36c57d2..44c2dc6 100644
--- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
+++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
@@ -33,6 +33,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements
     @Value("${mms.hsts.enabled:false}")
     private boolean hsts;
 
+    @Value("${cors.allowed.origins:*}")
+    private String allowedOrigins;
+
     @Autowired
     AuthSecurityConfig authSecurityConfig;
 
@@ -77,13 +80,16 @@ public void addCorsMappings(CorsRegistry registry) {
                 .allowedMethods("*")
                 .allowCredentials(true)
                 .maxAge(3600L)
-                .allowedOriginPatterns("*");
+                .allowedOriginPatterns(allowedOrigins.split(","));
     }
 
     private CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true);
+        for (String origin: allowedOrigins.split(",")) {
+            config.addAllowedOriginPattern(origin);
+        }
         config.addAllowedOriginPattern("*");
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");
diff --git a/src/main/resources/application.properties.example b/src/main/resources/application.properties.example
index 43c9c54..35dcc73 100644
--- a/src/main/resources/application.properties.example
+++ b/src/main/resources/application.properties.example
@@ -4,6 +4,8 @@ mms.admin.username=test
 mms.admin.password=test
 mms.stream.batch.size=100000
 
+cors.allowed.origins=*
+
 # jwt issued by mms for logins via /authentication
 jwt.secret=make_me_something_really_long
 jwt.expiration=86400

From 26cd41dd07511746cc3466574bc924332fae0f66 Mon Sep 17 00:00:00 2001
From: Doris Lam <dlam@jpl.nasa.gov>
Date: Tue, 19 Jul 2022 17:35:37 -0700
Subject: [PATCH 2/2] remove dup

---
 src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
index 44c2dc6..c73fd40 100644
--- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
+++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
@@ -90,7 +90,6 @@ private CorsFilter corsFilter() {
         for (String origin: allowedOrigins.split(",")) {
             config.addAllowedOriginPattern(origin);
         }
-        config.addAllowedOriginPattern("*");
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");
         config.setMaxAge(3600L);