CORS cleanup

mbari-org · Dec 3, 2021 · 1bf3157 · 1bf3157
1 parent e5750c8
commit 1bf3157
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 13 deletions.
diff --git a/src/main/scala/ScalatraBootstrap.scala b/src/main/scala/ScalatraBootstrap.scala
@@ -28,6 +28,8 @@ import org.scalatra.LifeCycle
 // import org.scalatra.swagger.{ApiInfo, Swagger}
 
 import scala.concurrent.ExecutionContext
+import org.slf4j.LoggerFactory
+import org.mbari.vars.vam.AppConfig
 // import org.scalatra.swagger.ContactInfo
 // import org.scalatra.swagger.LicenseInfo
 
@@ -51,7 +53,11 @@ class ScalatraBootstrap extends LifeCycle {
 
   override def init(context: ServletContext): Unit = {
 
-    println("STARTING UP NOW")
+    LoggerFactory.getLogger(getClass).info(s"Mounting ${AppConfig.Name} Servlets")
+    // Optional because * is the default
+    context.setInitParameter("org.scalatra.cors.allowedOrigins", "*")
+    // Disables cookies, but required because browsers will not allow passing credentials to wildcard domains
+    context.setInitParameter("org.scalatra.cors.allowCredentials", "false")
 
     implicit val executionContext = ExecutionContext.global
 

diff --git a/src/main/scala/org/mbari/vars/vam/api/APIStack.scala b/src/main/scala/org/mbari/vars/vam/api/APIStack.scala
@@ -46,7 +46,6 @@ abstract class APIStack
 
   before() {
     contentType = "application/json"
-    response.headers.set("Access-Control-Allow-Origin", "*")
   }
 
   protected[this] val timeFormatter = DateTimeFormatter.ISO_DATE_TIME

diff --git a/src/main/scala/org/mbari/vars/vam/api/AuthorizationV1Api.scala b/src/main/scala/org/mbari/vars/vam/api/AuthorizationV1Api.scala
@@ -26,10 +26,6 @@ import scala.concurrent.ExecutionContext
   */
 class AuthorizationV1Api(implicit val executor: ExecutionContext) extends APIStack {
 
-  before() {
-    contentType = "application/json"
-  }
-
   post("/") {
     authorizationService.requestAuthorization(request) match {
       case None    => halt(Unauthorized())

diff --git a/src/main/scala/org/mbari/vars/vam/api/HealthApi.scala b/src/main/scala/org/mbari/vars/vam/api/HealthApi.scala
@@ -23,11 +23,6 @@ import org.mbari.vars.vam.model.CirceCodecs._
 
 class HealthApi extends ScalatraServlet {
 
-  before() {
-    contentType = "application/json"
-    response.headers.set("Access-Control-Allow-Origin", "*")
-  }
-
   get("/") {
     CirceCodecs.print(HealthStatus.default)
   }

diff --git a/src/main/scala/org/mbari/vars/vam/api/VideoSequenceV1Api.scala b/src/main/scala/org/mbari/vars/vam/api/VideoSequenceV1Api.scala
@@ -20,8 +20,6 @@ import java.time.{Duration, Instant}
 import java.util.UUID
 
 import org.mbari.vars.vam.controllers.VideoSequenceController
-import org.mbari.vars.vam.dao.jpa.VideoSequence
-import org.scalatra.swagger._
 import org.scalatra._
 
 import scala.concurrent.ExecutionContext

diff --git a/src/test/scala/org/mbari/vars/vam/api/MediaV1ApiSpec.scala b/src/test/scala/org/mbari/vars/vam/api/MediaV1ApiSpec.scala
@@ -92,6 +92,7 @@ class MediaV1ApiSpec extends WebApiStack {
     val sha512 = ByteArrayConverter.encode(Array.fill[Byte](64)(11))
     get(s"/v1/media/sha512/$sha512") {
       status should be(200)
+      header("Content-Type") should startWith("application/json")
       val media = gson.fromJson(body, classOf[Media])
       println(body)
       media.videoSequenceUuid should not be (null)