From 8d274e46c8b4aef0ddeef842ef7f2ba917a798ee Mon Sep 17 00:00:00 2001
From: mpgxvii <mpgxvii@gmail.com>
Date: Mon, 3 Apr 2023 14:21:13 +0100
Subject: [PATCH] fix: add CrossOrigin annotation to controllers

---
 .../appserver/config/MultiHttpSecurityConfig.java     |  6 ++++--
 .../controller/FcmDataMessageController.java          |  2 ++
 .../controller/FcmNotificationController.java         |  2 ++
 .../appserver/controller/GithubEndpoint.java          |  2 ++
 .../controller/NotificationStateEventController.java  |  2 ++
 .../appserver/controller/ProtocolEndpoint.java        |  2 ++
 .../controller/QuestionnaireScheduleEndpoint.java     |  1 +
 .../appserver/controller/RadarProjectController.java  |  2 ++
 .../appserver/controller/RadarUserController.java     | 11 ++++++++++-
 .../controller/TaskStateEventController.java          | 11 ++++++++++-
 10 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/radarbase/appserver/config/MultiHttpSecurityConfig.java b/src/main/java/org/radarbase/appserver/config/MultiHttpSecurityConfig.java
index 6ea13da2..c1bd6975 100644
--- a/src/main/java/org/radarbase/appserver/config/MultiHttpSecurityConfig.java
+++ b/src/main/java/org/radarbase/appserver/config/MultiHttpSecurityConfig.java
@@ -112,8 +112,10 @@ public WebMvcConfigurer corsConfigurer() {
         return new WebMvcConfigurer() {
             @Override
             public void addCorsMappings(@NonNull CorsRegistry registry) {
-                registry.addMapping("/**").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*");
-                // NOTE: allowedHeaders("*") is causing CORS issues so this has been removed (empty allows all headers by default)
+                registry.addMapping("/**")
+                        .allowedMethods("GET", "POST", "PUT", "DELETE")
+                        .allowedOrigins("*")
+                        .allowedHeaders("*");
             }
         };
     }
diff --git a/src/main/java/org/radarbase/appserver/controller/FcmDataMessageController.java b/src/main/java/org/radarbase/appserver/controller/FcmDataMessageController.java
index 48397e41..57bcad18 100644
--- a/src/main/java/org/radarbase/appserver/controller/FcmDataMessageController.java
+++ b/src/main/java/org/radarbase/appserver/controller/FcmDataMessageController.java
@@ -31,6 +31,7 @@
 import org.radarbase.appserver.dto.fcm.FcmDataMessages;
 import org.radarbase.appserver.service.FcmDataMessageService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -47,6 +48,7 @@
  *
  * @author yatharthranjan
  */
+@CrossOrigin
 @RestController
 public class FcmDataMessageController {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/FcmNotificationController.java b/src/main/java/org/radarbase/appserver/controller/FcmNotificationController.java
index 578e6abe..11f42e87 100644
--- a/src/main/java/org/radarbase/appserver/controller/FcmNotificationController.java
+++ b/src/main/java/org/radarbase/appserver/controller/FcmNotificationController.java
@@ -31,6 +31,7 @@
 import org.radarbase.appserver.dto.fcm.FcmNotifications;
 import org.radarbase.appserver.service.FcmNotificationService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -47,6 +48,7 @@
  *
  * @author yatharthranjan
  */
+@CrossOrigin
 @RestController
 public class FcmNotificationController {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/GithubEndpoint.java b/src/main/java/org/radarbase/appserver/controller/GithubEndpoint.java
index fc164158..f3616afa 100644
--- a/src/main/java/org/radarbase/appserver/controller/GithubEndpoint.java
+++ b/src/main/java/org/radarbase/appserver/controller/GithubEndpoint.java
@@ -26,6 +26,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -34,6 +35,7 @@
 import java.io.IOException;
 import java.net.MalformedURLException;
 
+@CrossOrigin
 @RestController
 public class GithubEndpoint {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java b/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
index 9081d123..60d729c8 100644
--- a/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
+++ b/src/main/java/org/radarbase/appserver/controller/NotificationStateEventController.java
@@ -28,6 +28,7 @@
 import org.radarbase.appserver.dto.NotificationStateEventDto;
 import org.radarbase.appserver.service.NotificationStateEventService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -36,6 +37,7 @@
 import radar.spring.auth.common.Authorized;
 import radar.spring.auth.common.PermissionOn;
 
+@CrossOrigin
 @RestController
 public class NotificationStateEventController {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/ProtocolEndpoint.java b/src/main/java/org/radarbase/appserver/controller/ProtocolEndpoint.java
index 117219e8..89d1859e 100644
--- a/src/main/java/org/radarbase/appserver/controller/ProtocolEndpoint.java
+++ b/src/main/java/org/radarbase/appserver/controller/ProtocolEndpoint.java
@@ -30,12 +30,14 @@
 import org.radarbase.appserver.config.AuthConfig.AuthEntities;
 import org.radarbase.appserver.config.AuthConfig.AuthPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RestController;
 import radar.spring.auth.common.Authorized;
 import radar.spring.auth.common.PermissionOn;
 
+@CrossOrigin
 @RestController
 public class ProtocolEndpoint {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/QuestionnaireScheduleEndpoint.java b/src/main/java/org/radarbase/appserver/controller/QuestionnaireScheduleEndpoint.java
index 36116979..109c6337 100644
--- a/src/main/java/org/radarbase/appserver/controller/QuestionnaireScheduleEndpoint.java
+++ b/src/main/java/org/radarbase/appserver/controller/QuestionnaireScheduleEndpoint.java
@@ -42,6 +42,7 @@
 import java.util.Locale;
 import java.util.Optional;
 
+@CrossOrigin
 @RestController
 @SuppressWarnings("PMD.DataflowAnomalyAnalysis")
 public class QuestionnaireScheduleEndpoint {
diff --git a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
index 762c20a9..a4b8062c 100644
--- a/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
+++ b/src/main/java/org/radarbase/appserver/controller/RadarProjectController.java
@@ -38,6 +38,7 @@
 import org.radarbase.auth.token.RadarToken;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -58,6 +59,7 @@
  * @see <a href="https://github.com/RADAR-base/ManagementPortal">Management Portal</a>
  * @author yatharthranjan
  */
+@CrossOrigin
 @RestController
 @Slf4j
 public class RadarProjectController {
diff --git a/src/main/java/org/radarbase/appserver/controller/RadarUserController.java b/src/main/java/org/radarbase/appserver/controller/RadarUserController.java
index fdbf151b..63386502 100644
--- a/src/main/java/org/radarbase/appserver/controller/RadarUserController.java
+++ b/src/main/java/org/radarbase/appserver/controller/RadarUserController.java
@@ -36,7 +36,15 @@
 import org.radarbase.appserver.service.UserService;
 import org.radarbase.auth.token.RadarToken;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import radar.spring.auth.common.AuthAspect;
 import radar.spring.auth.common.Authorization;
 import radar.spring.auth.common.Authorized;
@@ -51,6 +59,7 @@
  * @see <a href="https://github.com/RADAR-base/ManagementPortal">Management Portal</a>
  * @author yatharthranjan
  */
+@CrossOrigin
 @RestController
 public class RadarUserController {
 
diff --git a/src/main/java/org/radarbase/appserver/controller/TaskStateEventController.java b/src/main/java/org/radarbase/appserver/controller/TaskStateEventController.java
index 14f43feb..48bdda61 100644
--- a/src/main/java/org/radarbase/appserver/controller/TaskStateEventController.java
+++ b/src/main/java/org/radarbase/appserver/controller/TaskStateEventController.java
@@ -26,13 +26,22 @@
 import org.radarbase.appserver.dto.TaskStateEventDto;
 import org.radarbase.appserver.service.TaskStateEventService;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import radar.spring.auth.common.Authorized;
 import radar.spring.auth.common.PermissionOn;
 
 import javax.naming.SizeLimitExceededException;
 import java.util.List;
 
+@CrossOrigin
 @RestController
 public class TaskStateEventController {