CORS fixed?

README.md

@@ -11,22 +11,37 @@ A tool that ...
 [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/elomagic/room-booking-backend/graphs/commit-activity)
 [![Buymeacoffee](https://badgen.net/badge/icon/buymeacoffee?icon=buymeacoffee&label)](https://www.buymeacoffee.com/elomagic)
 
-## Using the library
+## Requirements
+
+The latest version of Docker or something similar to run a Docker image.
 
-### Requirements
+## Installation And Setup 
 
-* Installed Java 21 or higher
-* Download the latest version of DT Tool https://github.com/elomagic/repository/releases
+### Configuration
 
-### Windows installation
+```properties
+xxx=tbd
+```
 
-Run the following command with ADMINISTRATOR RIGHTS to install YAR as a Windows service
+### Run demo mode
 
-```powershell
-.\install.ps1
+```shell
+docker run --name room-display -d elo2017/remote-booking
 ```
 
-Configuration will not be overwritten, if exists
+
+## Configuration
+
+### Backend
+
+tbd.
+
+### Frontend
+
+The enter the configuration page, enter the pin. The Pin in the demonstration mode is still ```123456```` and can differ
+from the productive mode 
+
+## Using the library
 
 ## Contributing
 

src/main/java/de/elomagic/rb/backend/controllers/CoreController.java

@@ -1,5 +1,7 @@
 package de.elomagic.rb.backend.controllers;
 
+import jakarta.annotation.Nonnull;
+
 import de.elomagic.rb.backend.components.CoreComponent;
 import de.elomagic.rb.backend.dtos.PinDTO;
 import de.elomagic.rb.backend.dtos.VersionDTO;
@@ -24,7 +26,7 @@ VersionDTO getVersion() {
     }
 
     @PostMapping("/api/validate")
-    void validate(PinDTO dto) {
+    void validate(@Nonnull PinDTO dto) {
         coreComponent.validatePin(dto.getPin());
     }
 

src/main/java/de/elomagic/rb/backend/security/SecurityConfig.java

@@ -11,8 +11,6 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.List;
 
@@ -37,7 +35,13 @@ public SecurityConfig(@Autowired ApiKeyAuthFilter authFilter) {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
         return http
-                // .cors(AbstractHttpConfigurer::disable)
+                .cors(cors -> cors.configurationSource(request -> {
+                    CorsConfiguration configuration = new CorsConfiguration();
+                    configuration.setAllowedOrigins(List.of(allowedOrigins.split(",")));
+                    configuration.setAllowedMethods(List.of(allowedMethods.split(",")));
+                    configuration.setAllowedHeaders(List.of(allowedHeaders.split(",")));
+                    return configuration;
+                }))
                 .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .formLogin(AbstractHttpConfigurer::disable)
@@ -52,17 +56,4 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .build();
     }
 
-    @Bean
-    CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of(allowedOrigins.split(",")));
-        configuration.setAllowedMethods(List.of(allowedMethods.split(",")));
-        configuration.setAllowedHeaders(List.of(allowedHeaders.split(",")));
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-
-        return source;
-    }
-
 }