CORS

src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/EmergencySecurityConfig.kt

@@ -5,6 +5,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Profile
+import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
@@ -22,7 +23,8 @@ import org.springframework.security.core.userdetails.User as SpringUser
 @Profile("emergency")
 @EnableConfigurationProperties(SecurityConfigurationProperties::class)
 class EmergencySecurityConfig(
-    val securityConfigurationProperties: SecurityConfigurationProperties
+    val securityConfigurationProperties: SecurityConfigurationProperties,
+    val environment: Environment
 ) : WebSecurityConfigurerAdapter() {
     init {
         emergencyMode = true
@@ -57,12 +59,12 @@ class EmergencySecurityConfig(
     }
 
     override fun configure(http: HttpSecurity) {
+        val debugMode = "debug" in environment.activeProfiles
+
         http
             .headers().frameOptions().disable()
             .and()
             .csrf().disable()
-            .cors()
-            .and()
             .addFilter(
                 JwtAuthenticationFilter(
                     authenticationManager(),
@@ -80,6 +82,11 @@ class EmergencySecurityConfig(
             .and()
             .authorizeRequests()
             .antMatchers("**").permitAll()
+
+        if (debugMode) {
+            http
+                .cors()
+        }
     }
 
     private fun loadUserById(id: Long): UserDetails {