diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/CorsConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/CorsConfiguration.kt new file mode 100644 index 000000000..e16f81d62 --- /dev/null +++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/CorsConfiguration.kt @@ -0,0 +1,49 @@ +package org.gotson.komga.infrastructure.security + +import org.gotson.komga.infrastructure.configuration.KomgaProperties +import org.springframework.boot.autoconfigure.condition.ConditionOutcome +import org.springframework.boot.autoconfigure.condition.SpringBootCondition +import org.springframework.boot.context.properties.bind.Bindable +import org.springframework.boot.context.properties.bind.Binder +import org.springframework.boot.context.properties.source.ConfigurationPropertyName +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.ConditionContext +import org.springframework.context.annotation.Conditional +import org.springframework.context.annotation.Configuration +import org.springframework.core.type.AnnotatedTypeMetadata +import org.springframework.http.HttpHeaders +import org.springframework.http.HttpMethod +import org.springframework.web.cors.CorsConfiguration +import org.springframework.web.cors.UrlBasedCorsConfigurationSource +import java.util.Collections + +@Configuration +class CorsConfiguration( + private val komgaProperties: KomgaProperties +) { + + @Bean + @Conditional(CorsAllowedOriginsPresent::class) + fun corsConfigurationSource(): UrlBasedCorsConfigurationSource = + UrlBasedCorsConfigurationSource().apply { + registerCorsConfiguration( + "/**", + CorsConfiguration().applyPermitDefaultValues().apply { + allowedOrigins = komgaProperties.cors.allowedOrigins + allowedMethods = HttpMethod.values().map { it.name } + allowCredentials = true + addExposedHeader(HttpHeaders.CONTENT_DISPOSITION) + } + ) + } + + class CorsAllowedOriginsPresent : SpringBootCondition() { + override fun getMatchOutcome(context: ConditionContext, metadata: AnnotatedTypeMetadata): ConditionOutcome { + val defined = Binder.get(context.environment) + .bind(ConfigurationPropertyName.of("komga.cors.allowed-origins"), Bindable.of(List::class.java)) + .orElse(Collections.emptyList()) + .isNotEmpty() + return ConditionOutcome(defined, "Cors allowed-origins present") + } + } +} diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt index fb3b38f5a..95b20c541 100644 --- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt +++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt @@ -5,9 +5,6 @@ import org.gotson.komga.domain.model.ROLE_ADMIN import org.gotson.komga.domain.model.ROLE_USER import org.gotson.komga.infrastructure.configuration.KomgaProperties import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest -import org.springframework.context.annotation.Bean -import org.springframework.http.HttpHeaders -import org.springframework.http.HttpMethod import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.WebSecurity @@ -15,8 +12,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter import org.springframework.security.core.session.SessionRegistry import org.springframework.security.core.userdetails.UserDetailsService -import org.springframework.web.cors.CorsConfiguration -import org.springframework.web.cors.UrlBasedCorsConfigurationSource private val logger = KotlinLogging.logger {} @@ -91,18 +86,4 @@ class SecurityConfiguration( "/index.html" ) } - - @Bean - fun corsConfigurationSource(): UrlBasedCorsConfigurationSource = - UrlBasedCorsConfigurationSource().apply { - registerCorsConfiguration( - "/**", - CorsConfiguration().applyPermitDefaultValues().apply { - allowedOrigins = komgaProperties.cors.allowedOrigins - allowedMethods = HttpMethod.values().map { it.name } - allowCredentials = true - addExposedHeader(HttpHeaders.CONTENT_DISPOSITION) - } - ) - } } diff --git a/komga/src/main/resources/application-dev.yml b/komga/src/main/resources/application-dev.yml index 563106036..315b0b9a0 100644 --- a/komga/src/main/resources/application-dev.yml +++ b/komga/src/main/resources/application-dev.yml @@ -9,7 +9,6 @@ komga: file: ":memory:" cors.allowed-origins: - http://localhost:8081 - spring: artemis: embedded: