Skip to content

fix: amm-1927 res based for only allowed origins #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
5Amogh merged 1 commit into from
Nov 20, 2025
Merged

fix: amm-1927 res based for only allowed origins #61

5Amogh merged 1 commit into from
Nov 20, 2025

Conversation

@5Amogh
Copy link
Member

@5Amogh 5Amogh commented Nov 18, 2025

📋 Description
JIRA ID:AMM-1927

🎯 Summary

This PR transforms the CORS implementation from an overly restrictive, maintenance-heavy configuration to a secure, environment-aware, and developer-friendly approach. By removing endpoint-specific restrictions and fixing critical security vulnerabilities, we achieve:

Better Security: Environment-controlled origins, no hardcoded localhost, immutable configuration
Simpler Code: No endpoint-specific configuration, reduced maintenance
Proper Architecture: CORS handles browser security, endpoints handle authorization
Standard Compliance: Full REST API support including PATCH method
Result: A production-safe, maintainable CORS implementation that follows security best practices and reduces operational overhead.

✅ Type of Change
🐞 Bug fix (non-breaking change which resolves an issue)

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 18, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch amm-1927

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 18, 2025

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

vishwab1
vishwab1 reviewed Nov 19, 2025
View reviewed changes
src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java
logger.debug("Request URI: {}", uri);
logger.debug("Allowed Origins Configured: {}", allowedOrigins);

if ("OPTIONS".equalsIgnoreCase(method)) {
Copy link
Member

@vishwab1 vishwab1 Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current implementation returns 200 OK for OPTIONS requests, which is the correct behavior for CORS preflight requests. Could you please check and revert?

vishwab1
vishwab1 reviewed Nov 19, 2025
View reviewed changes
src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java
logger.debug("Request URI: {}", uri);
logger.debug("Allowed Origins Configured: {}", allowedOrigins);

if ("OPTIONS".equalsIgnoreCase(method)) {
Copy link
Member

@vishwab1 vishwab1 Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current implementation returns 200 OK for OPTIONS requests, which is the correct behavior for CORS preflight requests. Could you please check and revert?

vishwab1
vishwab1 reviewed Nov 19, 2025
View reviewed changes
src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java
logger.info("OPTIONS request - skipping JWT validation");
response.setStatus(HttpServletResponse.SC_OK);
return;
if ("OPTIONS".equalsIgnoreCase(method)) {
Copy link
Member

@vishwab1 vishwab1 Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please check

vishwab1
vishwab1 reviewed Nov 19, 2025
View reviewed changes
src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java
logger.info("OPTIONS request - skipping JWT validation");
response.setStatus(HttpServletResponse.SC_OK);
return;
if ("OPTIONS".equalsIgnoreCase(method)) {
Copy link
Member

@vishwab1 vishwab1 Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please check

@5Amogh 5Amogh merged commit e4a9cd8 into release-3.6.1 Nov 20, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vishwab1 vishwab1 vishwab1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@5Amogh @vishwab1