From dd81b2065413b71d03c4aeea791125b005128e30 Mon Sep 17 00:00:00 2001
From: Manuel Spuhler <manuel.spuhler@chuv.ch>
Date: Thu, 8 Nov 2018 22:19:59 +0100
Subject: [PATCH] tweak

---
 .../eu/hbp/mip/configuration/SecurityConfiguration.java     | 2 +-
 src/main/java/eu/hbp/mip/controllers/SecurityApi.java       | 6 +++---
 src/main/java/eu/hbp/mip/utils/CORSFilter.java              | 5 ++++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index d8ec1acfb..9faff1bb1 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -106,7 +106,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                     .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                     .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
-        }
+        
         else {
             http.antMatcher("/**")
                     .authorizeRequests()
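Review bot: Replacing the closing `}` before `else {` with a whitespace-only line leaves the preceding branch unterminated, so unless the matching opening brace is absent above this hunk, the file should no longer compile (`else` without `if`). This looks like the branch point between the configuration that installs `ssoFilter()` and the alternative one, so the block boundary should stay explicit: keep `}` on its own line, or write `} else {`. The added line also introduces trailing whitespace. The enclosing method and the `if` condition lie outside the hunk, so this cannot be fully confirmed from here.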
diff --git a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java b/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
index a37c9e87a..358a73d77 100644
--- a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
@@ -55,9 +55,9 @@ public class SecurityApi {
         }
 
         if (!securityConfiguration.isAuthentication()) {
-            if (!userInfo.isFakeAuth()) {
-                response.setStatus(401);
-            }
+            // if (!userInfo.isFakeAuth()) {
+            //     response.setStatus(401);
+            // }
             String principalJson = "{\"principal\": \"anonymous\", \"name\": \"anonymous\", \"userAuthentication\": {" +
                     "\"details\": {\"preferred_username\": \"anonymous\"}}}";
             return new Gson().fromJson(principalJson, Object.class);
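Review bot: Commenting out the `isFakeAuth()` check means the `!securityConfiguration.isAuthentication()` branch now always answers with the default status and the anonymous principal, even when fake auth is not enabled, and the disabled code is left behind as dead comments. Any caller that used the 401 to decide whether a login is required (presumably the front end, which is not visible here) will now see a successful anonymous session instead. If that is intended, delete the three commented lines and say so, e.g. `// Authentication disabled: always return the anonymous principal (no 401), regardless of fakeAuth.`. If it is not, restore `if (!userInfo.isFakeAuth()) { response.setStatus(401); }`. The method starts and ends outside the hunk.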
diff --git a/src/main/java/eu/hbp/mip/utils/CORSFilter.java b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
index ef3b35353..bd0875868 100644
--- a/src/main/java/eu/hbp/mip/utils/CORSFilter.java
+++ b/src/main/java/eu/hbp/mip/utils/CORSFilter.java
@@ -14,8 +14,11 @@ public class CORSFilter implements Filter {
         HttpServletResponse response = (HttpServletResponse) res;
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
+        // response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
         chain.doFilter(req, res);
     }
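Review bot: The new `Access-Control-Allow-Credentials: true` is sent together with `Access-Control-Allow-Origin: *`, a combination browsers reject for credentialed requests, so the header either has no effect or invites a later "fix" that reflects any `Origin` and exposes the session to every site. Since this service uses cookies and CSRF tokens, the origin should be checked against a configured allow-list and echoed back, with `Vary: Origin`, only when it matches; the credentials header should be sent only in that case. The new `Access-Control-Allow-Headers` value also lists CORS header names that are not request headers a client sends (`Access-Control-Allow-Headers`, `Access-Control-Request-Method`, `Access-Control-Request-Headers`) and can be trimmed to the ones the front end really uses. The commented-out `x-requested-with` line should be deleted rather than kept. The method's signature is outside the hunk.

```java
HttpServletResponse response = (HttpServletResponse) res;
// allowedOrigins: placeholder for a configured Set<String> of trusted front-end origins
String origin = ((HttpServletRequest) req).getHeader("Origin");
if (origin != null && allowedOrigins.contains(origin)) {
    response.setHeader("Access-Control-Allow-Origin", origin);
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Vary", "Origin");
}
// … unchanged: Allow-Methods, Allow-Headers, Max-Age, chain.doFilter …
```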
 
-- 
GitLab