diff --git a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
index 59929212b6b18d9a377c18fa9adc2fd78e19dfa7..ea5cf7860977aa39746d273c08c7cae6224063de 100644
--- a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package eu.hbp.mip.configurations;
+import eu.hbp.mip.utils.CORSFilter;
 import org.keycloak.adapters.KeycloakConfigResolver;
 import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
 import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
@@ -12,6 +13,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.csrf.CsrfFilter;
@@ -20,12 +22,11 @@ import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
+import javax.servlet.*;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -57,6 +58,7 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter
 .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
 .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
 } else {
+ http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
 http.antMatcher("/**")
 .authorizeRequests()
 .antMatchers("/**").permitAll()
diff --git a/src/main/java/eu/hbp/mip/utils/CORSFilter.java b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
new file mode 100644
index 0000000000000000000000000000000000000000..1a0696fa5a5851500e46303b933913dcf68c0e2b
--- /dev/null
+++ b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
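Review bot: `import org.springframework.web.filter.CorsFilter;` is added in this hunk, but nothing in the visible hunks references Spring's `CorsFilter`; the line added later in this file uses the project's `eu.hbp.mip.utils.CORSFilter`, a name that differs only in letter case. Two imports that differ only by case make it easy for a later edit to pick up the wrong one, so the unused line should be dropped unless it is referenced in a part of the file outside this diff. Replacing the three explicit `javax.servlet` imports with `import javax.servlet.*;` also widens the namespace for a file that, as far as the visible lines show, still only needs `Filter`, `FilterChain` and `ServletException`; keeping the explicit imports is the conventional choice.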
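Review bot: `http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);` wires a filter that stamps `Access-Control-Allow-Origin: *` on every response, and the only thing keeping it out of a deployed instance is the `else` branch it sits in, whose condition is outside this hunk (the enclosing method starts before it). The class's own Javadoc says it is for development only, but nothing at this call site records that, so a later change to the branch condition would silently enable open CORS for the configuration that permits all requests. A comment at the call site, e.g. `// Dev-only: CORSFilter allows any origin and performs no origin check; must not be reached in a deployed configuration`, would make that coupling visible, and a dedicated configuration property for enabling the filter would be safer than tying it to whatever the branch condition tests. Registering it before `ChannelProcessingFilter` places it at the head of Spring Security's filter chain, so the headers are set before any other security filter runs; that is presumably intended for preflight handling, but worth confirming.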
@@ -0,0 +1,25 @@
+package eu.hbp.mip.utils;
+
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+/**
+ * CORS Filter used only for development.
+ *
+ * Allows requests from all possible origins.
+ */
+public class CORSFilter implements Filter {
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+ HttpServletResponse response = (HttpServletResponse) res;
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
+ response.setHeader("Access-Control-Max-Age", "3600");
+ response.setHeader("Access-Control-Allow-Headers", "*");
+ response.setHeader("Access-Control-Request-Headers", "*");
+ chain.doFilter(req, res);
+ }
+}
\ No newline at end of file
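Review bot: `response.setHeader("Access-Control-Request-Headers", "*");` sets a header that browsers only send on a preflight request; it has no meaning on a response and should be dropped, since the browser reads `Access-Control-Allow-Headers`, which the line above it already sets. The filter also forwards preflight `OPTIONS` requests down the chain via `chain.doFilter(req, res)` rather than returning early, so whether preflights succeed depends on the downstream handlers accepting `OPTIONS` on every path — presumably fine for a permit-all development setup, but worth confirming. Because every header is set unconditionally and no origin is checked, the class Javadoc should state the contract the filter relies on, e.g. `* Must only be registered when authentication is disabled: it sets Access-Control-Allow-Origin: * on every response and performs no origin check.` The file also lacks a trailing newline.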