disable cors and csrf

musabbozkurt · Feb 3, 2024 · 97e2fcb · 97e2fcb
1 parent 1bd93c9
commit 97e2fcb
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java b/src/main/java/mb/oauth2authorizationserver/config/SecurityConfig.java
@@ -11,6 +11,7 @@
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -44,6 +45,8 @@ SecurityFilterChain asSecurityFilterChain(HttpSecurity httpSecurity) throws Exce
         OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(httpSecurity);
 
         return httpSecurity
+                .cors(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
                 .getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                 .oidc(withDefaults())
                 .and()