OPTIONS Method added in CORS filter (#7)

theanandankit · web-flow · commit 995f2f4695e4 · 2021-01-27T18:48:15.000Z
diff --git a/omod/src/main/java/org/openmrs/module/smartonfhir/web/filter/CORSFilter.java b/omod/src/main/java/org/openmrs/module/smartonfhir/web/filter/CORSFilter.java
@@ -28,12 +28,19 @@ public class CORSFilter extends OncePerRequestFilter {
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 	        throws ServletException, IOException {
 		// CORS "pre-flight" request
-		response.addHeader("Access-Control-Allow-Credentials", "true");
-		response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
-		response.addHeader("Access-Control-Allow-Headers", "Authorization");
-		response.addHeader("Access-Control-Allow-Headers", "Content-Type");
+
 		response.addHeader("Access-Control-Allow-Origin", "*");
-		response.addHeader("Access-Control-Max-Age", "1");
+
+		if ("OPTIONS".equals(request.getMethod())) {
+			response.addHeader("Access-Control-Allow-Credentials", "true");
+			response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
+			response.addHeader("Access-Control-Allow-Headers", "Authorization");
+			response.addHeader("Access-Control-Allow-Headers", "Content-Type");
+			response.addHeader("Access-Control-Max-Age", "600");
+
+			response.setStatus(HttpServletResponse.SC_OK);
+			return;
+		}
 		
 		filterChain.doFilter(request, response);
 	}
