From d272b0644eae86cc290d52ff4491eb934c54ed7f Mon Sep 17 00:00:00 2001
From: FyloZ <fylozdev@gmail.com>
Date: Fri, 28 May 2021 21:48:15 -0400
Subject: [PATCH] CORS

---
 .../config/EmergencySecurityConfig.kt               | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/EmergencySecurityConfig.kt b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/EmergencySecurityConfig.kt
index b944b96..3b8cd7f 100644
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/EmergencySecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/EmergencySecurityConfig.kt
@@ -5,6 +5,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Profile
+import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
@@ -22,7 +23,8 @@ import org.springframework.security.core.userdetails.User as SpringUser
 @Profile("emergency")
 @EnableConfigurationProperties(SecurityConfigurationProperties::class)
 class EmergencySecurityConfig(
-    val securityConfigurationProperties: SecurityConfigurationProperties
+    val securityConfigurationProperties: SecurityConfigurationProperties,
+    val environment: Environment
 ) : WebSecurityConfigurerAdapter() {
     init {
         emergencyMode = true
@@ -57,12 +59,12 @@ class EmergencySecurityConfig(
     }
 
     override fun configure(http: HttpSecurity) {
+        val debugMode = "debug" in environment.activeProfiles
+
         http
             .headers().frameOptions().disable()
             .and()
             .csrf().disable()
-            .cors()
-            .and()
             .addFilter(
                 JwtAuthenticationFilter(
                     authenticationManager(),
@@ -80,6 +82,11 @@ class EmergencySecurityConfig(
             .and()
             .authorizeRequests()
             .antMatchers("**").permitAll()
+
+        if (debugMode) {
+            http
+                .cors()
+        }
     }
 
     private fun loadUserById(id: Long): UserDetails {