remove cors confgis

Author: GeneralTao2

README.md

@@ -95,7 +95,6 @@ The project requires a set of environment variables to be configured for some se
 | SPOTIFY_CLIENT_SECRET                | Backend  | Taken from Spotify developer dashboard                          |
 | DEFAULT_SUCCESS_URL                  | Backend  | Redirect for a user after a successful login                    |
 | LOGIN_URL                            | Backend  | Redirect for a user after a failed login                        |
-| CORS_ALLOWED_ORIGINS                 | Backend  | CORS allowed origins for security                               |
 | SERVER_SERVLET_SESSION_COOKIE_DOMAIN | Backend  | Base domain for frontend and backend                            |
 | SERVER_SERVLET_SESSION_COOKIE_NAME   | Backend  | Cookie name for frontend and backend, for ex. JSESSIONID-STAGE  |
 | OPENAI_API_KEY                       | Backend  | Taken from OpenAI platform organisation                         |

artist-insight-service/src/main/kotlin/org/taonity/artistinsightservice/mvc/security/SecurityConfig.kt

@@ -11,8 +11,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
 import org.springframework.security.web.csrf.*
-import org.springframework.web.cors.CorsConfiguration
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 import java.util.*
 
 
@@ -23,7 +21,6 @@ class SecurityConfig(
     private val oAuth2AuthenticationFailureHandler: OAuth2AuthenticationFailureHandler,
     private val spaCsrfTokenRequestHandler: SpaCsrfTokenRequestHandler,
     @Value("\${app.default-success-url}") private val defaultSuccessUrl: String,
-    @Value("\${app.cors-allowed-origins}") private val corsAllowedOrigins: String,
     @Value("\${app.csrf-cookie-name}") private val csrfCookieName: String
 ) {
 
@@ -66,22 +63,8 @@ class SecurityConfig(
                     .failureHandler(oAuth2AuthenticationFailureHandler)
             }
             .oauth2Client(Customizer.withDefaults())
-           .cors { }
 
         return http.build()
     }
-
-//    TODO: verify effectiveness
-//    @Bean
-    fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
-        val configuration = CorsConfiguration()
-        configuration.allowCredentials = true
-        configuration.allowedOrigins = listOf(corsAllowedOrigins)
-        configuration.allowedMethods = listOf("*")
-        configuration.allowedHeaders = listOf("*")
-        val source = UrlBasedCorsConfigurationSource()
-        source.registerCorsConfiguration("/**", configuration)
-        return source
-    }
 }
 

artist-insight-service/src/main/resources/application-prod-spotify.yaml

@@ -24,7 +24,6 @@ spring:
 app:
   default-success-url: ${DEFAULT_SUCCESS_URL:http://localhost:3000}
   login-url: ${LOGIN_URL:http://localhost:3000/login}
-  cors-allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:3000}
 
 spotify:
   api-base-url: https://api.spotify.com/v1

artist-insight-service/src/main/resources/application-stub-spotify.yaml

@@ -24,7 +24,6 @@ spring:
 app:
   default-success-url: ${DEFAULT_SUCCESS_URL:http://localhost:3000}
   login-url: ${LOGIN_URL:http://localhost:3000/login}
-  cors-allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:3000}
 
 spotify:
   api-base-url: http://localhost:8100/v1

artist-insight-service/src/test/resources/application.yaml

@@ -30,7 +30,6 @@ openai:
 
 app:
   default-success-url: /
-  cors-allowed-origins: http://localhost:8100
   minimised-http-servlet-logging: false
   initial-user-gpt-usages: 10
   initial-global-gpt-usages: 50

templates/docker/.test-env

@@ -10,7 +10,6 @@ POSTGRES_ADDRESS=db
 SPOTIFY_CLIENT_ID=
 SPOTIFY_CLIENT_SECRET=
 DEFAULT_SUCCESS_URL=http://localhost:3002
-CORS_ALLOWED_ORIGINS=http://host.docker.internal:3002
 SPRING_PROFILES_ACTIVE=postgres,prod-spotify,stub-openai,stub-kofi,local
 
 LOCAL_BACKEND_URL: http://app:9016