/* * Copyright (C) 2020 Kevin Zatloukal. All rights reserved. Permission is * hereby granted to students registered for University of Washington * CSE 331 for use solely during Spring Quarter 2020 for purposes of * the course. No other use, copying, distribution, or modification * is permitted without prior written consent. Copyrights for * third-party components of this work must be honored. Instructors * interested in reusing these course materials should contact the * author. */ package todo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import spark.Filter; import spark.Request; import spark.Response; import spark.Spark; import java.util.HashMap; // Based on code from // https://stackoverflow.com/questions/45295530/spark-cors-access-control-allow-origin-error /** * The CORSFilter disables browser-side Cross-Origin Request security features, * to allow the React application (with origin localhost:3000) to make requests * of the Spark server (with origin localhost:4567) without them being rejected. *

* Note that this is generally a security vulnerability for production applications * (see "Cross-Site Scripting" or "XSS"), but it isn't a problem for our specific * application. */ public class CORSFilter { // =============== // You don't need to understand how this works at all, but it's something that's necessary // for our two-server system to work nicely together. If you're curious, read the comments // in this class and do some searching for "CORS", "Cross-Site Scripting", and "XSS" online. // =============== /** * Contains all the headers that need to be added */ private final HashMap corsHeaders = new HashMap<>(); /** * Prepares the filter to be applied to the Spark system by initialized the headers * that need to be used. */ public CORSFilter() { corsHeaders.put("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS"); corsHeaders.put("Access-Control-Allow-Origin", "*"); corsHeaders.put("Access-Control-Allow-Headers", "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,"); corsHeaders.put("Access-Control-Allow-Credentials", "true"); } /** * Applies the filter globally to all Spark responses. Anytime this Spark server responds * to a request following the invocation of this method, completely-permissive CORS headers * will be added to the response headers. */ public void apply() { Filter filter = new Filter() { @Override public void handle(Request request, Response response) { corsHeaders.forEach(response::header); } }; Spark.afterAfter(filter); // Applies this filter even if there's a halt() or exception. // Logger logger = LoggerFactory.getLogger("CampusPaths Server"); logger.info("Listening on: http://localhost:" + Spark.port()); } }