Updated properties and enhanced SecurityConfig

- Changed `server.forward-headers-strategy` to `native` in `application.properties`. - Added exclusion for `/login/oauth2/code/**` in CSRF configuration.
2025-10-25 16:45:01 +02:00 · 2025-10-25 16:45:01 +02:00 · 8cb922a88d
commit 8cb922a88d
parent 3f0644c1e9
2 changed files with 3 additions and 1 deletions
--- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java
+++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
@ -73,6 +73,7 @@ public class SecurityConfig {
                                .jwtAuthenticationConverter(jwtAuthenticationConverter())
                        )
                )
+
                .exceptionHandling(ex -> ex
                        .defaultAuthenticationEntryPointFor(
                                new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
@ -82,6 +83,7 @@ public class SecurityConfig {
                .csrf(csrf -> csrf
                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        .csrfTokenRequestHandler(new LccCsrfTokenRequestHandler())
+                        .ignoringRequestMatchers("/login/oauth2/code/**")
                )
                .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
                .addFilterBefore(
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -23,4 +23,4 @@ spring.flyway.enabled=true
 spring.flyway.locations=classpath:db/migration
 spring.flyway.baseline-on-migrate=true
 spring.sql.init.mode=never
-server.forward-headers-strategy=framework
+server.forward-headers-strategy=native