Add CORS filter

MarcialRosales · MarcialRosales · commit 38bd16d5e4a2 · 2025-06-12T09:01:43.000+02:00
Otherwise RabbitMQ cannot reach the
discovery endpoint from the browser
diff --git a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SimpleCORSFilter.java b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SimpleCORSFilter.java
@@ -0,0 +1,63 @@
+package com.rabbitmq.authorization_server;
+
+import java.io.IOException;
+import java.util.Optional;
+import java.util.Set;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class SimpleCORSFilter implements Filter {
+
+    private final Set<String> allowedOrigins;
+
+    @Autowired
+    public SimpleCORSFilter(@Value("${spring.security.cors.allowed-origins:*}") Set<String> allowedOrigins) {
+        this.allowedOrigins = allowedOrigins;
+    }
+
+    @Override
+    public void init(FilterConfig fc) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse resp,
+                         FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) resp;
+        HttpServletRequest request = (HttpServletRequest) req;
+        String origin = request.getHeader("referer");
+        if(origin != null ){
+            Optional<String> first = allowedOrigins.stream().filter(origin::startsWith).findFirst();
+            first.ifPresent(s -> response.setHeader("Access-Control-Allow-Origin", s));
+        }
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
+
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            response.setStatus(HttpServletResponse.SC_OK);
+        } else {
+            chain.doFilter(req, resp);
+        }
+    }
+
+    @Override
+    public void destroy() {
+    }
+
+}
