Prod cors fix

src/main/kotlin/lt/skafis/bankas/config/SecurityConfig.kt

@@ -7,6 +7,8 @@ import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
 @Configuration
 @EnableWebSecurity
@@ -25,8 +27,21 @@ class SecurityConfig {
             }
             .formLogin(Customizer.withDefaults())
             .httpBasic(Customizer.withDefaults())
-            .cors { it.disable() }
+            .cors { it.configurationSource(corsConfigurationSource()) } // This should be changed for DEV env
             .csrf { it.disable() }
             .build()
     }
+
+    @Bean
+    fun corsConfigurationSource(): UrlBasedCorsConfigurationSource {
+        val source = UrlBasedCorsConfigurationSource()
+        val config = CorsConfiguration()
+        config.allowedOrigins = listOf("https://bankas.skafis.lt")
+        config.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "PATCH")
+        config.allowedHeaders = listOf("*")
+        config.allowCredentials = true
+        config.maxAge = 3600L
+        source.registerCorsConfiguration("/**", config)
+        return source
+    }
 }