FlightScore/FlightScore-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Configure CORS for web server and secure refresh token with HTTP-only cookies

Browse Source
This commit is contained in:
CodingPhoenixx
2026-02-16 21:37:35 +01:00
parent 24eec67a46
commit 634f99240f
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/main/java/dev/coph/flightscore/backend/Backend.java
+4
View File
@@ -93,6 +93,10 @@ public class Backend {
providerManager.enableAllProviders(); providerManager.enableAllProviders();
logger.success("Providers enabled!"); logger.success("Providers enabled!");
logger.info("Configuring web server...");
webServer.addAllowedOrigin("http://localhost:3000");
logger.success("Web server configured!");
logger.info("Starting web server..."); logger.info("Starting web server...");
webServer.start(); webServer.start();
logger.success("Web server started!"); logger.success("Web server started!");
src/main/java/dev/coph/flightscore/backend/requestHandler/auth/LoginRequestHandler.java
+2 -2
View File
@@ -8,6 +8,7 @@ import dev.coph.simplerequest.handler.RequestHandler;
import dev.coph.simplerequest.handler.RequestMethod; import dev.coph.simplerequest.handler.RequestMethod;
import dev.coph.simplerequest.util.ResponseUtil; import dev.coph.simplerequest.util.ResponseUtil;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.Response; import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.Callback; import org.eclipse.jetty.util.Callback;
@@ -60,8 +61,7 @@ public class LoginRequestHandler {
var responseObject = new JSONObject(); var responseObject = new JSONObject();
responseObject.put("accessToken", loginResponse.accessToken()); responseObject.put("accessToken", loginResponse.accessToken());
responseObject.put("refreshToken", loginResponse.refreshToken()); Response.addCookie(response, HttpCookie.build("refreshToken", loginResponse.refreshToken()).httpOnly(true).build());
ResponseUtil.writeSuccessfulAnswer(response, callback, responseObject); ResponseUtil.writeSuccessfulAnswer(response, callback, responseObject);
} }
} }