Skip to content

CORS Configuration for FHIR API Services #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vishwab1 merged 2 commits into from
Jun 18, 2025
Merged

CORS Configuration for FHIR API Services #107

vishwab1 merged 2 commits into from
Jun 18, 2025

Conversation

@vishwab1
Copy link
Member

@vishwab1 vishwab1 commented Jun 17, 2025
edited
Loading

πŸ“‹ Description

JIRA ID: AMM-1246

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

βœ… Type of Change

  • 🐞 Bug fix (non-breaking change which resolves an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • πŸ”₯ Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • πŸ›  Refactor (change that is neither a fix nor a new feature)
  • βš™οΈ Config change (configuration file or build script updates)
  • πŸ“š Documentation (updates to docs or readme)
  • πŸ§ͺ Tests (adding new or updating existing tests)
  • 🎨 UI/UX (changes that affect the user interface)
  • πŸš€ Performance (improves performance)
  • 🧹 Chore (miscellaneous changes that don't modify src or test files)

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

  • New Features

    • Added configurable Cross-Origin Resource Sharing (CORS) support, allowing specification of permitted origins through environment or configuration files.

  • Refactor

    • Unified CORS handling across the application by removing individual CORS annotations from controllers and implementing centralized configuration.

  • Chores

    • Updated configuration files to include new CORS-related properties for easier environment management.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jun 17, 2025
edited
Loading

Warning

Rate limit exceeded

@vishwab1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 16 minutes and 23 seconds before requesting another review.

βŒ› How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between a4ae43f and 9e3e239.

πŸ“’ Files selected for processing (3)
  • src/main/environment/common_ci.properties (1 hunks)
  • src/main/java/com/wipro/fhir/config/CorsConfig.java (1 hunks)
  • src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java (4 hunks)

"""

Walkthrough

This change centralizes Cross-Origin Resource Sharing (CORS) configuration by introducing a global CORS configuration class, updating environment properties, and removing all @CrossOrigin annotations from controller classes. The JWT validation filter is enhanced to handle CORS headers and OPTIONS requests based on configured allowed origins.

Changes

File(s) Change Summary
src/main/environment/common_ci.properties, src/main/environment/common_example.properties Added cors.allowed-origins property for configurable CORS origins.
src/main/java/com/wipro/fhir/config/CorsConfig.java Introduced new global CORS configuration class using WebMvcConfigurer.
src/main/java/com/wipro/fhir/utils/FilterConfig.java Injected allowed origins, passed to JWT filter, set filter order to highest precedence.
src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java Added constructor parameter for allowed origins, implemented CORS header logic, handled OPTIONS requests.
src/main/java/com/wipro/fhir/controller/.../*.java (all controllers) Removed all @CrossOrigin annotations from classes and methods.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant Filter (JwtUserIdValidationFilter)
    participant SpringMVC (CorsConfig)
    participant Controller

    Browser->>Filter: Sends HTTP request (with Origin header)
    Filter->>Filter: Checks Origin against allowed origins
    alt Origin allowed
        Filter->>Browser: Sets CORS headers
    end
    alt OPTIONS request
        Filter->>Browser: Responds 200 OK, skips JWT validation
    else
        Filter->>SpringMVC: Passes request for routing
        SpringMVC->>Controller: Handles endpoint logic
        Controller-->>Browser: Returns response
    end
Loading

Possibly related PRs

  • PSMRI/FHIR-API#84: Modifies JwtUserIdValidationFilter for JWT validation logic, which overlaps with this PR's CORS and OPTIONS handling changes in the same class.

Suggested reviewers

  • ravishanigarapu

Poem

In the garden of code where the carrots grow tall,
We’ve tidied our CORS so it’s friendly to all.
No more annotations on every green leafβ€”
One config to rule them, what a relief!
Now bunnies and browsers can hop through with ease,
With origins allowed and requests on the breeze.
πŸ₯•βœ¨
"""

✨ Finishing Touches
  • πŸ“ Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share
πŸͺ§ Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jun 17, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

πŸ”­ Outside diff range comments (4)
src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java (1)

41-43: headers = "Authorization" may block OPTIONS pre-flight

@RequestMapping(... headers = "Authorization") rejects requests whose header set does not include Authorization.
CORS pre-flight calls (OPTIONS) never include this header, so they will be rejected before Spring’s CORS layer sees them, nullifying the new central CORS setup.

Consider dropping the headers constraint or duplicating the mapping without it:

-@RequestMapping(value = "/healthIDWithUID", headers = "Authorization", ...
+@RequestMapping(value = "/healthIDWithUID", ...
src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java (1)

37-39: Same pre-flight issue with headers = "Authorization"

All routes under this controller inherit the headers="Authorization" restriction. OPTIONS requests will be blocked.

See suggestion in CreateHealthIDWithUID.java.

src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java (1)

43-45: Pre-flight blocked by headers="Authorization"

Same concern: OPTIONS calls will not match this mapping. Remove the header constraint or add an alternative mapping.

src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java (1)

49-51: headers="Authorization" again blocks OPTIONS

Same issue as other controllers. Consolidate the fix project-wide.

🧹 Nitpick comments (9)
src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java (1)

5-6: Prefer constructor injection over field injection
Field injection via @Autowired reduces testability and immutability. Switch to constructor-based injection for HealthIDService:

- @Autowired
- private HealthIDService healthIDService;
+ private final HealthIDService healthIDService;
+
+ public CreateHealthIdRecord(HealthIDService healthIDService) {
+     this.healthIDService = healthIDService;
+ }
src/main/java/com/wipro/fhir/controller/test/Test.java (1)

26-27: Prefer constructor injection over field injection
Field injection via @Autowired reduces testability and immutability. Switch to constructor-based injection for HttpUtils and OPConsultRecordBundleImpl:

- @Autowired
- HttpUtils httpUtils;
- @Autowired
- private OPConsultRecordBundleImpl oPConsultRecordBundleImpl;
+ private final HttpUtils httpUtils;
+ private final OPConsultRecordBundleImpl oPConsultRecordBundleImpl;
+
+ public Test(HttpUtils httpUtils,
+             OPConsultRecordBundleImpl oPConsultRecordBundleImpl) {
+     this.httpUtils = httpUtils;
+     this.oPConsultRecordBundleImpl = oPConsultRecordBundleImpl;
+ }
src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java (1)

26-27: Prefer constructor injection over field injection
Field injection with @Autowired hinders immutability and testing. Convert to constructor-based injection for all three bundles:

- @Autowired
- private OPConsultRecordBundle opConsultRecordBundle;
- @Autowired
- private PrescriptionRecordBundle prescriptionRecordBundle;
- @Autowired
- private DiagnosticReportRecord diagnosticReportRecord;
+ private final OPConsultRecordBundle opConsultRecordBundle;
+ private final PrescriptionRecordBundle prescriptionRecordBundle;
+ private final DiagnosticReportRecord diagnosticReportRecord;
+
+ public ResourceRequestGateway(OPConsultRecordBundle opConsultRecordBundle,
+                               PrescriptionRecordBundle prescriptionRecordBundle,
+                               DiagnosticReportRecord diagnosticReportRecord) {
+     this.opConsultRecordBundle = opConsultRecordBundle;
+     this.prescriptionRecordBundle = prescriptionRecordBundle;
+     this.diagnosticReportRecord = diagnosticReportRecord;
+ }
src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java (1)

29-29: Prefer constructor injection over field injection
Field injection via @Autowired reduces testability and immutability. Refactor to constructor-based injection for PatientDataGatewayService:

- @Autowired
- private PatientDataGatewayService patientDataGatewayService;
+ private final PatientDataGatewayService patientDataGatewayService;
+
+ public PatientDataGatewayController(PatientDataGatewayService patientDataGatewayService) {
+     this.patientDataGatewayService = patientDataGatewayService;
+ }
src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java (1)

5-6: Prefer constructor injection over field injection
Field injection with @Autowired reduces testability and immutability. Switch to constructor-based injection for CreateAbhaV3Service:

- @Autowired
- private CreateAbhaV3Service createAbhaV3Service;
+ private final CreateAbhaV3Service createAbhaV3Service;
+
+ public CreateAbhaV3Controller(CreateAbhaV3Service createAbhaV3Service) {
+     this.createAbhaV3Service = createAbhaV3Service;
+ }
src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java (1)

133-134: Incorrect logger invocation β€” placeholder lost

logger.info("NDHM_FHIR Response:", response); passes two arguments but only a single {} placeholder exists, so the second arg is appended by toString() and the literal colon stays.
Use the placeholder API:

-logger.info("NDHM_FHIR Response:", response);
+logger.info("NDHM_FHIR Response: {}", response);
src/main/java/com/wipro/fhir/utils/FilterConfig.java (1)

23-24: Give the filter a deterministic name

FilterRegistrationBean without an explicit name is fine, but naming helps when
debug-printing the filter chain or tweaking precedence later.

 registrationBean.setFilter(filter);
+registrationBean.setName("jwtUserIdValidationFilter");
src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java (2)

8-9: Remove now-unused @Component import

org.springframework.stereotype.Component is no longer required after the
class stopped being a Spring bean. Leaving it in will trigger an β€œunused import”
warning.

-import org.springframework.stereotype.Component;

129-146: Regex is too permissive & recomputed per request

  1. matches() is executed on every call; compiling patterns once would be
    cheaper.
  2. Without anchors an origin like http://evil.com.example.com will satisfy
    the rule example.com.
-		return Arrays.stream(allowedOrigins.split(","))
-				.map(String::trim)
-				.anyMatch(pattern -> {
-					String regex = pattern
-							.replace(".", "\\.")
-							.replace("*", ".*")
-							.replace("http://localhost:.*", "http://localhost:\\d+"); // special case for wildcard port
-
-					boolean matched = origin.matches(regex);
-					return matched;
-				});
+		return Arrays.stream(allowedOrigins.split(","))
+				.map(String::trim)
+				.map(p -> p.replace(".", "\\.")
+						   .replace("*", ".*")
+						   .replace("http://localhost:.*", "http://localhost:\\d+"))
+				.map(r -> "^" + r + "$")          // anchor the pattern
+				.anyMatch(origin::matches);
πŸ“œ Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between 7476ed0 and 6d91d05.

πŸ“’ Files selected for processing (20)
  • src/main/environment/common_ci.properties (1 hunks)
  • src/main/environment/common_example.properties (1 hunks)
  • src/main/java/com/wipro/fhir/config/CorsConfig.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/facility/FacilityController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/generateresource/ResourceRequestGateway.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIdRecord.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/patientdatahandler/PatientDataGatewayController.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/test/Test.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java (1 hunks)
  • src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java (1 hunks)
  • src/main/java/com/wipro/fhir/utils/FilterConfig.java (1 hunks)
  • src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java (4 hunks)
🧰 Additional context used
🧠 Learnings (4)
src/main/java/com/wipro/fhir/controller/v3/abha/CreateAbhaV3Controller.java (1) 
Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#52
File: src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java:18-20
Timestamp: 2024-12-09T16:09:31.513Z
Learning: In the Java Spring Boot project, all controllers, including `LoginAbhaV3Controller.java` at `src/main/java/com/wipro/fhir/controller/v3/abha/`, use the `@CrossOrigin` annotation without parameters to maintain consistency across the codebase.
src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java (1) 
Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#52
File: src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java:18-20
Timestamp: 2024-12-09T16:09:31.513Z
Learning: In the Java Spring Boot project, all controllers, including `LoginAbhaV3Controller.java` at `src/main/java/com/wipro/fhir/controller/v3/abha/`, use the `@CrossOrigin` annotation without parameters to maintain consistency across the codebase.
src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java (1) 
Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#52
File: src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java:18-20
Timestamp: 2024-12-09T16:09:31.513Z
Learning: In the Java Spring Boot project, all controllers, including `LoginAbhaV3Controller.java` at `src/main/java/com/wipro/fhir/controller/v3/abha/`, use the `@CrossOrigin` annotation without parameters to maintain consistency across the codebase.
src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java (1) 
Learnt from: helenKaryamsetty
PR: PSMRI/FHIR-API#52
File: src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java:18-20
Timestamp: 2024-12-09T16:09:31.513Z
Learning: In the Java Spring Boot project, all controllers, including `LoginAbhaV3Controller.java` at `src/main/java/com/wipro/fhir/controller/v3/abha/`, use the `@CrossOrigin` annotation without parameters to maintain consistency across the codebase.
🧬 Code Graph Analysis (1)
src/main/java/com/wipro/fhir/config/CorsConfig.java (1)
src/main/java/com/wipro/fhir/utils/FilterConfig.java (1)
  • Configuration (9-28)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Analyze (java)
πŸ”‡ Additional comments (15)
src/main/environment/common_example.properties (1)

114-116: ```shell
#!/bin/bash

Show usage of allowedOriginPatterns in CORS configuration

rg --color=never -n -C 5 "allowedOriginPatterns" src/main/java/com/wipro/fhir/config/CorsConfig.java

Dump the beginning of CorsConfig.java to inspect property mappings

sed -n '1,200p' src/main/java/com/wipro/fhir/config/CorsConfig.java


</details>
<details>
<summary>src/main/environment/common_ci.properties (1)</summary>

`118-120`: **Ensure `CORS_ALLOWED_ORIGINS` environment variable is set and fallback is handled.**
If `CORS_ALLOWED_ORIGINS` is missing or empty in CI/deployment, CORS may be effectively disabled. Consider providing a default value or validating presence at startup to avoid unintended blocking.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/healthCard/GenerateHealthIDCardController.java (1)</summary>

`26-27`: **Remove controller-level CORS declarations.**
Approved: the `@CrossOrigin` import and annotations are removed in favor of a centralized `CorsConfig`. Ensure your global CORS configuration and JWT filter properly handle preflight OPTIONS requests before controller invocation.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/healthIDvalidate/HealthIDValidateController.java (1)</summary>

`26-27`: **Remove controller-level CORS declarations.**
Approved: removed unused `@CrossOrigin` import, delegating CORS to the global config. Verify that the centralized config allows the required methods and headers (e.g., `Authorization`) for these endpoints.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/facility/FacilityController.java (1)</summary>

`5-6`: **Remove controller-level CORS declarations.**
Approved: the `@CrossOrigin` import/annotations have been removed. Confirm that your `CorsConfig` covers `/facility/**` GET and POST with `Authorization` header and credentials as needed.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithUID.java (1)</summary>

`27-33`: **Removed `@CrossOrigin` – confirm central CORS applies**

The per-controller `@CrossOrigin` annotations have vanished, relying entirely on the new global `CorsConfig`.  
Please double-check (manually or with an integration test) that requests to `/healthIDWithUID/**` from the expected origins still carry the correct CORS headers, especially when the `Authorization` header is present and `allowCredentials=true` is required.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/patientdatahandler/HigherHealthFacilityController.java (1)</summary>

`24-30`: **Verify CORS coverage after annotation removal**

`@CrossOrigin` disappeared here as well; ensure `/higher/health/facility/**` endpoints remain reachable from SPA front-ends after the switch to the central `CorsConfig`.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithMobileOTP.java (1)</summary>

`28-34`: **Cross-origin removal: confirm still functional**

After deleting `@CrossOrigin`, verify that `/healthID/**` remains accessible from configured origins in browsers.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/controller/eaushdhi/EAushadhiController.java (1)</summary>

`30-36`: **Confirm CORS works after annotation cleanup**

All endpoints under `/eAushadhi/**` now rely on global CORS.  Please verify in browser/network tests.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/config/CorsConfig.java (1)</summary>

`17-26`: **OPTIONS pre-flight is allowed, but origin pattern API requires Spring 5.3+**

`allowedOriginPatterns` exists only from Spring 5.3.  If the project is on an older Spring Boot (<2.4) this will not compile.

Confirm the framework version or fall back to `.allowedOrigins(...)`.

</details>
<details>
<summary>src/main/java/com/wipro/fhir/utils/FilterConfig.java (1)</summary>

`12-14`: **Add a safe default for `cors.allowed-origins`**

If the property is missing in some environment Spring will fail during bean creation.  
Consider providing a default value to keep the service bootable:

```diff
-	@Value("${cors.allowed-origins}")
+	@Value("${cors.allowed-origins:*}")   // fallback to β€œ*” when not configured
src/main/java/com/wipro/fhir/controller/healthID/CreateHealthIDWithBio.java (1)

6-6: Import section looks clean after removing @CrossOrigin

No stray or unused imports remain – good job.

src/main/java/com/wipro/fhir/controller/v3/abha/LoginAbhaV3Controller.java (1)

6-6: Controller compiles cleanly after dropping @CrossOrigin

The import purge is correct and leaves no unused entries.

src/main/java/com/wipro/fhir/controller/carecontext/CareContextController.java (1)

27-27: Unused @CrossOrigin import successfully removed

Nothing further to flag for this diff hunk.

src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java (1)

54-58: OPTIONS short-circuit skips response commit

response.setStatus(200) is fine, but some proxies require a content length
or a flush. Consider adding:

response.getWriter().flush();

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 17, 2025

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@vishwab1 vishwab1 requested review from drtechie and vanitha1822 June 17, 2025 16:15
@vishwab1 vishwab1 merged commit 3a8e67f into develop Jun 18, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@drtechie drtechie Awaiting requested review from drtechie

@vanitha1822 vanitha1822 Awaiting requested review from vanitha1822

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vishwab1 @vanitha1822