From 3ed5d700bd606353ec2cd108268a5bb124b7ee00 Mon Sep 17 00:00:00 2001
From: William Brawner <me@wbrawner.com>
Date: Tue, 18 Feb 2020 19:51:35 -0700
Subject: [PATCH] Fix CORS settings

---
 .../com/wbrawner/budgetserver/config/SecurityConfig.kt      | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt b/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt
index 5fc4ed7..7280982 100644
--- a/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt
+++ b/src/main/kotlin/com/wbrawner/budgetserver/config/SecurityConfig.kt
@@ -6,6 +6,7 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.core.env.Environment
 import org.springframework.core.env.get
+import org.springframework.http.HttpMethod
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
@@ -68,7 +69,10 @@ open class SecurityConfig(
                 .configurationSource {
                     with(CorsConfiguration()) {
                         applyPermitDefaultValues()
-                        allowedOrigins = environment.get("twigs.cors.domains")?.split(",")
+                        allowedOrigins = environment["twigs.cors.domains"]?.split(",") ?: listOf("*")
+                        allowedMethods = listOf(HttpMethod.GET, HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE)
+                                .map { it.name }
+                        allowCredentials = true
                         this
                     }
                 }