fix: cors filter causing issues

should address #543
2025-12-20 23:45:11 +01:00 · 2021-05-22 15:14:12 +08:00 · 2021-05-22 15:14:12 +08:00 · 0708ce750c
commit 0708ce750c
parent 29e98adbcf
3 changed files with 49 additions and 20 deletions
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/CorsConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/CorsConfiguration.kt
@ -0,0 +1,49 @@
+package org.gotson.komga.infrastructure.security
+
+import org.gotson.komga.infrastructure.configuration.KomgaProperties
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition
+import org.springframework.boot.context.properties.bind.Bindable
+import org.springframework.boot.context.properties.bind.Binder
+import org.springframework.boot.context.properties.source.ConfigurationPropertyName
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.ConditionContext
+import org.springframework.context.annotation.Conditional
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.type.AnnotatedTypeMetadata
+import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpMethod
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+import java.util.Collections
+
+@Configuration
+class CorsConfiguration(
+  private val komgaProperties: KomgaProperties
+) {
+
+  @Bean
+  @Conditional(CorsAllowedOriginsPresent::class)
+  fun corsConfigurationSource(): UrlBasedCorsConfigurationSource =
+    UrlBasedCorsConfigurationSource().apply {
+      registerCorsConfiguration(
+        "/**",
+        CorsConfiguration().applyPermitDefaultValues().apply {
+          allowedOrigins = komgaProperties.cors.allowedOrigins
+          allowedMethods = HttpMethod.values().map { it.name }
+          allowCredentials = true
+          addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)
+        }
+      )
+    }
+
+  class CorsAllowedOriginsPresent : SpringBootCondition() {
+    override fun getMatchOutcome(context: ConditionContext, metadata: AnnotatedTypeMetadata): ConditionOutcome {
+      val defined = Binder.get(context.environment)
+        .bind(ConfigurationPropertyName.of("komga.cors.allowed-origins"), Bindable.of(List::class.java))
+        .orElse(Collections.emptyList<String>())
+        .isNotEmpty()
+      return ConditionOutcome(defined, "Cors allowed-origins present")
+    }
+  }
+}
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
@ -5,9 +5,6 @@ import org.gotson.komga.domain.model.ROLE_ADMIN
 import org.gotson.komga.domain.model.ROLE_USER
 import org.gotson.komga.infrastructure.configuration.KomgaProperties
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
-import org.springframework.context.annotation.Bean
-import org.springframework.http.HttpHeaders
-import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.builders.WebSecurity
@ -15,8 +12,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.core.session.SessionRegistry
 import org.springframework.security.core.userdetails.UserDetailsService
-import org.springframework.web.cors.CorsConfiguration
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource

 private val logger = KotlinLogging.logger {}

@ -91,18 +86,4 @@ class SecurityConfiguration(
        "/index.html"
      )
  }
-
-  @Bean
-  fun corsConfigurationSource(): UrlBasedCorsConfigurationSource =
-    UrlBasedCorsConfigurationSource().apply {
-      registerCorsConfiguration(
-        "/**",
-        CorsConfiguration().applyPermitDefaultValues().apply {
-          allowedOrigins = komgaProperties.cors.allowedOrigins
-          allowedMethods = HttpMethod.values().map { it.name }
-          allowCredentials = true
-          addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)
-        }
-      )
-    }
 }
--- a/komga/src/main/resources/application-dev.yml
+++ b/komga/src/main/resources/application-dev.yml
@ -9,7 +9,6 @@ komga:
    file: ":memory:"
  cors.allowed-origins:
    - http://localhost:8081
-
 spring:
  artemis:
    embedded: