From a8dd0a50cc105bd571f01daf69da574f38bceaae Mon Sep 17 00:00:00 2001
From: freddyheredia4
Date: Sun, 11 Jun 2023 06:46:28 -0500
Subject: [PATCH] agrega control options
---
 .../authz/conf/SecurityConfiguration.java | 38 +++++++++++++++++++
 src/main/resources/application.properties | 2 +-
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/main/java/pedidos/pedidos/core/authz/conf/SecurityConfiguration.java b/src/main/java/pedidos/pedidos/core/authz/conf/SecurityConfiguration.java
index 6f62359..5dc763c 100644
--- a/src/main/java/pedidos/pedidos/core/authz/conf/SecurityConfiguration.java
+++ b/src/main/java/pedidos/pedidos/core/authz/conf/SecurityConfiguration.java
@@ -1,5 +1,8 @@
 package pedidos.pedidos.core.authz.conf;
+import java.util.Arrays;
+import java.util.Collections;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +11,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
 import pedidos.pedidos.core.authz.service.UserService;
 @Configuration
@@ -23,6 +30,8 @@ public class SecurityConfiguration{
 http
 .csrf().disable()
+ .cors()
+ .and()
 .authorizeHttpRequests((authorize) -> authorize
 .requestMatchers("/login").permitAll()
 .requestMatchers("/swagger-ui/*").permitAll()
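Review bot: `.cors()` is switched on directly under the existing `.csrf().disable()`, and nothing in the hunk records why CSRF protection can stay off now that credentialed cross-origin requests are accepted. If the session is carried in a cookie, CORS alone does not stand in for CSRF tokens on simple form-style requests; if credentials travel only in the `Authorization` header (the filter chain continues outside this hunk, so this cannot be confirmed here), CSRF is not a concern and that should be written down. Once confirmed, I would add a comment above the line such as `// CSRF off: credentials are sent in the Authorization header, never in cookies`. The same commit also allows the `x-csrf-token` request header in `corsConfigurationSource()`, which suggests a client sending tokens that the server never checks.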
@@ -36,4 +45,33 @@ public class SecurityConfiguration{
 return http.build();
 }
+
+ @Bean
+ protected CorsConfigurationSource corsConfigurationSource() {
+ final CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
+ configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"));
+
+ // NOTE: setAllowCredentials(true) is important,
+ // otherwise, the value of the 'Access-Control-Allow-Origin' header in the response
+ // must not be the wildcard '*' when the request's credentials mode is 'include'.
+ configuration.setAllowCredentials(true);
+
+ // NOTE: setAllowedHeaders is important!
+ // Without it, OPTIONS preflight request will fail with 403 Invalid CORS request
+ configuration.setAllowedHeaders(Arrays.asList(
+ "Authorization",
+ "Accept",
+ "Cache-Control",
+ "Content-Type",
+ "Origin",
+ "x-csrf-token",
+ "x-requested-with"
+ ));
+
+ final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index f04ccfb..9c1fb43 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,4 +4,4 @@ spring.datasource.password=postgres
 spring.jpa.hibernate.ddl-auto=update
 #spring.jpa.show-sql=true
 #spring.sql.init.mode=always
-server.port=8081
\ No newline at end of file
+server.port=8082
\ No newline at end of file
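Review bot: The allowed origin in `corsConfigurationSource()` is hard-coded to `http://localhost:3000` together with `setAllowCredentials(true)`, so every deployment of this build accepts credentialed requests from whatever is served on that local port, and the real front-end origin cannot be set without recompiling. I would read the list from configuration instead, e.g. a field `@Value("${<cors-origins-property>}") private List<String> allowedOrigins;` (placeholder property name) passed to `configuration.setAllowedOrigins(allowedOrigins);`, with localhost kept to a development profile. The comment above `setAllowCredentials(true)` also reads backwards: it is because credentials are allowed that the origin must be explicit, so `// Credentials are allowed, so origins must be listed explicitly; '*' is not valid with allowCredentials=true` would state the constraint correctly.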