Use * for any CORS origin

MarcialRosales · MarcialRosales · commit f0da40dedd55 · 2025-06-12T09:57:02.000+02:00
At least for now
diff --git a/.github/workflows/authorization-server-make.yaml b/.github/workflows/authorization-server-make.yaml
@@ -14,7 +14,7 @@ on:
   
 env:
   REGISTRY_IMAGE: pivotalrabbitmq/spring-authorization-server
-  IMAGE_TAG: 0.0.2
+  IMAGE_TAG: 0.0.3
 jobs:
   docker:
     runs-on: ubuntu-latest
diff --git a/selenium/authorization-server/pom.xml b/selenium/authorization-server/pom.xml
@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>com.rabbitmq</groupId>
 	<artifactId>authorization-server</artifactId>
-	<version>0.0.2</version>
+	<version>0.0.3</version>
 	<name>authorization-server</name>
 	<description>Authorization Server for Selenium</description>
 	<url/>
diff --git a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SimpleCORSFilter.java b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SimpleCORSFilter.java
@@ -23,28 +23,22 @@
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public class SimpleCORSFilter implements Filter {
 
-    private final Set<String> allowedOrigins;
-
     @Autowired
-    public SimpleCORSFilter(@Value("${spring.security.cors.allowed-origins:*}") Set<String> allowedOrigins) {
-        this.allowedOrigins = allowedOrigins;
+    public SimpleCORSFilter() {
     }
 
     @Override
     public void init(FilterConfig fc) throws ServletException {
-
+        System.out.println("Init SimpleCORSFilter");
     }
 
     @Override
     public void doFilter(ServletRequest req, ServletResponse resp,
                          FilterChain chain) throws IOException, ServletException {
+        System.out.println("doFilter SimpleCORSFilter");
         HttpServletResponse response = (HttpServletResponse) resp;
         HttpServletRequest request = (HttpServletRequest) req;
-        String origin = request.getHeader("referer");
-        if(origin != null ){
-            Optional<String> first = allowedOrigins.stream().filter(origin::startsWith).findFirst();
-            first.ifPresent(s -> response.setHeader("Access-Control-Allow-Origin", s));
-        }
+        response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
         response.setHeader("Access-Control-Max-Age", "3600");
         response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
