fix: allow cors configuration

allowed origins can be set via komga.cors.allowed-origins

closes #540

komga/src/main/kotlin/org/gotson/komga/infrastructure/configuration/KomgaProperties.kt

@@ -22,6 +22,8 @@ class KomgaProperties {
 
   var database = Database()
 
+  var cors = Cors()
+
   class RememberMe {
     @get:NotBlank
     var key: String? = null
@@ -30,6 +32,10 @@ class KomgaProperties {
     var validity: Int = 1209600 // 2 weeks
   }
 
+  class Cors {
+    var allowedOrigins: List<String> = emptyList()
+  }
+
   class Database {
     @get:NotBlank
     var file: String = ""

komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt

@@ -6,7 +6,6 @@ import org.gotson.komga.domain.model.ROLE_USER
 import org.gotson.komga.infrastructure.configuration.KomgaProperties
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
 import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.Profile
 import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
@@ -94,13 +93,12 @@ class SecurityConfiguration(
   }
 
   @Bean
-  @Profile("dev")
   fun corsConfigurationSource(): UrlBasedCorsConfigurationSource =
     UrlBasedCorsConfigurationSource().apply {
       registerCorsConfiguration(
         "/**",
         CorsConfiguration().applyPermitDefaultValues().apply {
-          allowedOrigins = listOf("http://localhost:8081")
+          allowedOrigins = komgaProperties.cors.allowedOrigins
           allowedMethods = HttpMethod.values().map { it.name }
           allowCredentials = true
           addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)

komga/src/main/resources/application-dev.yml

@@ -7,6 +7,8 @@ komga:
   libraries-scan-startup: true
   database:
     file: ":memory:"
+  cors.allowed-origins:
+    - http://localhost:8081
 
 spring:
   artemis: