From 20dd21810fbeba99bc9334fa04b067bc0e8a3b15 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Fri, 18 Oct 2024 14:08:57 +0200
Subject: [PATCH] EHN: Access-Control-Allow-Origin header configurable

---
 src/main/java/org/caosdb/server/CaosDBServer.java     | 7 ++++++-
 src/main/java/org/caosdb/server/ServerProperties.java | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java
index f6b89b91..d7a47f35 100644
--- a/src/main/java/org/caosdb/server/CaosDBServer.java
+++ b/src/main/java/org/caosdb/server/CaosDBServer.java
@@ -1019,7 +1019,12 @@ class CaosDBComponent extends Component {
     request.getAttributes().put("SRID", UUID.randomUUID().toString());
     response.setServerInfo(CaosDBServer.getServerInfo());
     super.handle(request, response);
-    response.setAccessControlAllowOrigin("*");
+    String accessControlAllowOrigin =
+        CaosDBServer.getServerProperty(
+            ServerProperties.KEY_SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN);
+    if (accessControlAllowOrigin != null && !accessControlAllowOrigin.isBlank()) {
+      response.setAccessControlAllowOrigin(accessControlAllowOrigin);
+    }
     log(request, response, t1);
   }
 
diff --git a/src/main/java/org/caosdb/server/ServerProperties.java b/src/main/java/org/caosdb/server/ServerProperties.java
index f2969498..5135dcbe 100644
--- a/src/main/java/org/caosdb/server/ServerProperties.java
+++ b/src/main/java/org/caosdb/server/ServerProperties.java
@@ -69,6 +69,8 @@ public class ServerProperties extends Properties implements Observable {
   public static final String KEY_SERVER_PORT_HTTPS = "SERVER_PORT_HTTPS";
   public static final String KEY_SERVER_PORT_HTTP = "SERVER_PORT_HTTP";
   public static final String KEY_REDIRECT_HTTP_TO_HTTPS_PORT = "REDIRECT_HTTP_TO_HTTPS_PORT";
+  public static final String KEY_SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN =
+      "SERVER_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN";
   public static final String KEY_GRPC_SERVER_PORT_HTTPS = "GRPC_SERVER_PORT_HTTPS";
   public static final String KEY_GRPC_SERVER_PORT_HTTP = "GRPC_SERVER_PORT_HTTP";
 
-- 
GitLab