mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

### fix: verbessere CORS-Handling und UI-Markierungen
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/services/mail/Dockerfile, mail-service, mail-service) (push) Successful in 5m47s
Details
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 3m51s
Details

Browse Source 
- **Caddyfile:** Ersetze `Access-Control-Allow-Origin` durch `*`, entferne `Access-Control-Allow-Credentials`, füge `Access-Control-Expose-Headers` hinzu.
- **GlobalSecurityConfig:** Lockere `allowedOrigins`, `allowedOriginPatterns` und `exposedHeaders` auf `*`, setze `allowCredentials` auf `false`.
- **MailServiceApplication:** Passe CORS-Mapping durch `allowedOrigins` und `allowCredentials` an.
- **UI:** Aktualisiere Versionsmarker auf `v2026-04-23.26 - NUCLEAR CORS v2`.
This commit is contained in:
Stefan Mogeritsch 2026-04-23 14:42:46 +02:00
parent f97bfeff47
commit 277254ebbd
4 changed files with 17 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
backend/infrastructure/security/src/main/kotlin/at/mocode/infrastructure/security/GlobalSecurityConfig.kt
View File

@ -81,23 +81,13 @@ class GlobalSecurityConfig {
@Bean
fun corsConfigurationSource(): CorsConfigurationSource {
val configuration = CorsConfiguration()
configuration.allowedOrigins = listOf(
"https://app.mo-code.at",
"https://api.mo-code.at",
"http://localhost:8080",
"http://localhost:8083",
"http://localhost:8092",
"http://localhost:4000"
)
configuration.allowedOriginPatterns = listOf(
"https://*.mo-code.at",
"http://localhost:[*]"
)
configuration.allowedOrigins = listOf("*")
configuration.allowedOriginPatterns = listOf("*")
configuration.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")
configuration.allowedHeaders = listOf("*")
configuration.exposedHeaders = listOf("Authorization", "Content-Type")
configuration.exposedHeaders = listOf("*")
configuration.maxAge = 3600L
configuration.allowCredentials = true
configuration.allowCredentials = false
val source = UrlBasedCorsConfigurationSource()
source.registerCorsConfiguration("/**", configuration)
return source

7
backend/services/mail/mail-service/src/main/kotlin/at/mocode/mail/service/MailServiceApplication.kt
View File

@ -20,11 +20,10 @@ class MailServiceApplication(private val env: Environment) {
return object : WebMvcConfigurer {
override fun addCorsMappings(registry: CorsRegistry) {
registry.addMapping("/**")
.allowedOrigins("https://app.mo-code.at", "https://api.mo-code.at")
.allowedOriginPatterns("https://*.mo-code.at")
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedOrigins("*")
.allowedMethods("*")
.allowedHeaders("*")
.allowCredentials(true)
.allowCredentials(false)
}
}
}

12
config/docker/caddy/web-app/Caddyfile
View File

@ -23,22 +23,22 @@
@options method OPTIONS
handle @options {
header {
Access-Control-Allow-Origin "https://app.mo-code.at"
Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
Access-Control-Expose-Headers "*"
Access-Control-Max-Age "3600"
X-Caddy-CORS "preflight-v25"
X-Caddy-CORS "preflight-v26"
}
respond "" 204
}
header {
Access-Control-Allow-Origin "https://app.mo-code.at"
Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
X-Caddy-CORS "forward-v25"
Access-Control-Expose-Headers "*"
X-Caddy-CORS "forward-v26"
defer
}

6
frontend/shells/meldestelle-web/src/wasmJsMain/kotlin/at/mocode/frontend/shell/web/WebMainScreen.kt
View File

@ -69,7 +69,9 @@ fun MainAppContent() {
is WebScreen.Nennung -> "/nennung/${screen.turnierId}"
is WebScreen.Erfolg -> "/erfolg"
}
setWindowHash("#$targetHash")
if (getWindowHash() != "#$targetHash") {
setWindowHash("#$targetHash")
}
}
Scaffold(
@ -124,7 +126,7 @@ fun MainAppContent() {
// Dezentraler Versions-Marker in der unteren rechten Ecke
Box(modifier = Modifier.fillMaxSize().padding(8.dp), contentAlignment = Alignment.BottomEnd) {
Text(
text = "v2026-04-23.25 - CADDY CATCH-ALL CORS",
text = "v2026-04-23.26 - NUCLEAR CORS v2",
style = MaterialTheme.typography.labelSmall,
color = Color.LightGray.copy(alpha = 0.5f)
)