From 9b257b4de89d6e4cec45d22b37253a23b9f3c176 Mon Sep 17 00:00:00 2001
From: dahiyaAD <adahiya@oicr.on.ca>
Date: Mon, 5 Jun 2023 17:08:54 -0400
Subject: [PATCH] CORS configurations for score server allowing multiple
 origins at once - #367

---
 .../bio/overture/score/server/ServerMain.java  | 18 ++++++++++++++++++
 .../src/main/resources/application.yml         |  7 +++++++
 2 files changed, 25 insertions(+)

diff --git a/score-server/src/main/java/bio/overture/score/server/ServerMain.java b/score-server/src/main/java/bio/overture/score/server/ServerMain.java
index 4cebb0ef..3c68171a 100644
--- a/score-server/src/main/java/bio/overture/score/server/ServerMain.java
+++ b/score-server/src/main/java/bio/overture/score/server/ServerMain.java
@@ -1,5 +1,6 @@
 package bio.overture.score.server;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -7,6 +8,9 @@
 import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration;
 import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 /**
  * Application entry point.
@@ -20,8 +24,22 @@
 })
 public class ServerMain {
 
+  @Value("${management.endpoints.web.cors.allowedOrigins}")
+  private String[] allowedOrigins;
+
   public static void main(String... args) {
     SpringApplication.run(ServerMain.class, args);
   }
 
+  @Bean
+  public WebMvcConfigurer corsConfigurer() {
+    return new WebMvcConfigurer() {
+      @Override
+      public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins(allowedOrigins)
+                .allowedMethods("PUT", "DELETE", "GET", "POST");
+      }
+    };
+  }
 }
\ No newline at end of file
diff --git a/score-server/src/main/resources/application.yml b/score-server/src/main/resources/application.yml
index 4f1e0e39..fe07430b 100644
--- a/score-server/src/main/resources/application.yml
+++ b/score-server/src/main/resources/application.yml
@@ -82,6 +82,13 @@ auth:
     # E.g. TIMEOUT(n) = TIMEOUT(n-1) * MULTIPLIER
     multiplier: 2.0
 
+#allowedOrigins can be configured to contain multiple values, all separated by commas
+management:
+  endpoints:
+    web:
+      cors:
+        allowedOrigins: http://localhost:8081
+
 ---
 
 ###############################################################################