SEBSERV-342 added cors headers (with no effect so far)

2022-09-01 08:44:26 +02:00 · 2022-09-01 08:44:26 +02:00 · 64fa613fda
commit 64fa613fda
parent cfec81b2f7
2 changed files with 17 additions and 0 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/ProctoringServlet.java
@ -78,9 +78,17 @@ public class ProctoringServlet extends HttpServlet {
            log.error("Failed to get proctoring window script for data: {}", proctoringData);
            resp.getOutputStream().println("Failed to get proctoring window script");
        } else {
+            RAPConfiguration.setCORS(resp);
            resp.getOutputStream().println(script);
        }
+    }

+    @Override
+    protected void doOptions(final HttpServletRequest req, final HttpServletResponse resp)
+            throws ServletException, IOException {
+
+        RAPConfiguration.setCORS(resp);
+        resp.setStatus(HttpServletResponse.SC_OK);
    }

    private boolean isAuthenticated(
--- a/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/RAPConfiguration.java
@ -121,9 +121,12 @@ public class RAPConfiguration implements ApplicationConfiguration {
                    final WebApplicationContext webApplicationContext = getWebApplicationContext(httpSession);
                    final boolean authenticated = isAuthenticated(httpSession, webApplicationContext);
                    if (authenticated) {
+
                        final EntryPointService entryPointService = webApplicationContext
                                .getBean(EntryPointService.class);
                        entryPointService.loadProctoringView(parent);
+                        final HttpServletResponse response = RWT.getResponse();
+                        setCORS(response);
                    } else {
                        final HttpServletResponse response = RWT.getResponse();
                        response.setStatus(HttpStatus.FORBIDDEN.value());
@ -133,6 +136,12 @@ public class RAPConfiguration implements ApplicationConfiguration {
        }
    }

+    public static final void setCORS(final HttpServletResponse resp) {
+        resp.addHeader("Access-Control-Allow-Origin", "*");
+        resp.setHeader("Access-Control-Allow-Methods", "GET");
+        resp.setHeader("Vary", "Origin");
+    }
+
    public static final class RAPSpringEntryPointFactory implements EntryPointFactory {

        private boolean initialized = false;