adorsys / secure-token-service

Secure Token Service. Java implementation of OAuth 2.0 Token Exchange IETF draft
Apache License 2.0

SecurityConfiguration problem #163

Closed holgervelke closed 11 months ago

holgervelke commented 11 months ago

de.adorsys.sts:sts-secret-server:1.1.3 has a SecurityConfiguration error:

java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.

Mme-adorsys commented 11 months ago

Made CORS policy configurable over properties to set allowedOrigins:

```yaml
cors:
  allowedOrigins: http://localhost:3000/,http://example.com/
  allowedHeaders: "*"
  allowedMethods: GET,POST,PUT,DELETE
```
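An added example, not code from sts-secret-server: one way a Spring application (5.3 or later) could bind the properties shown above to a credentialed `CorsConfiguration` and reject a `*` origin at startup. The class name, the `@Value` bindings and the use of `setAllowCredentials(true)` are assumptions made for illustration.

```java
import java.util.Arrays;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Hypothetical configuration class; not taken from the project.
@Configuration
public class CorsPropertiesConfig {

    // Comma-separated property values are split into arrays by Spring.
    // The property keys mirror the YAML in the comment above (assumed binding).
    @Value("${cors.allowedOrigins}")
    private String[] allowedOrigins;

    @Value("${cors.allowedHeaders}")
    private String[] allowedHeaders;

    @Value("${cors.allowedMethods}")
    private String[] allowedMethods;

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Explicit origins only: with credentials enabled, "*" is rejected.
        config.setAllowedOrigins(Arrays.asList(allowedOrigins));
        config.setAllowedHeaders(Arrays.asList(allowedHeaders));
        config.setAllowedMethods(Arrays.asList(allowedMethods));
        config.setAllowCredentials(true);

        // Throws the IllegalArgumentException quoted in the report if
        // allowedOrigins contains "*", so a bad property value fails at
        // startup instead of on the first cross-origin request.
        config.validateAllowCredentials();

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```

Spring Security picks up a bean named `corsConfigurationSource` when CORS support is enabled on `HttpSecurity`.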