[C4GT Community]: Global CORS Configuration for AMRIT API Services #47

Open
5 tasks
drtechie opened this issue Mar 3, 2025 · 2 comments
@drtechie
Member

drtechie commented Mar 3, 2025

Description

The goal of this ticket is to correctly configure CORS across all API services in the AMRIT platform. Proper CORS configuration is necessary to allow frontend applications to communicate securely with backend services while preventing unauthorized cross-origin access.

What You Will Learn

As a contributor, you will:

  • Gain experience in managing CORS configurations at a global level.
  • Learn how to securely allow specific domains and environments to access backend APIs.
  • Understand best practices for handling CORS in Spring Boot and Nginx.

Desired Skills

  • Familiarity with Spring Boot and its security configurations.
  • Understanding of CORS and cross-origin requests.
  • Basic knowledge of environment variables and server configuration.
  • Experience with Nginx (optional but beneficial).

Goals

  • Remove all unnecessary @CrossOrigin decorators from individual controllers.
  • Set up CORS globally at the API service level.
  • Ensure multiple frontend services running on localhost:xyz are allowed when in development.
  • Configure the production environment to dynamically allow the correct domain from environment variables.
  • Apply this configuration across all API services in AMRIT.

Expected Outcome

The AMRIT API services will have a globally managed CORS policy that allows controlled cross-origin requests in both development and production environments.

Acceptance Criteria

  • When running on a server with a subdomain, the required CORS headers are correctly added.
  • When running locally or in staging environments, localhost:xyz is allowed.
  • The CORS configuration is applied consistently across all API services of AMRIT.

Implementation Details

  1. Remove unnecessary @CrossOrigin decorators from controllers and services.
  2. Configure CORS globally in Spring Boot:
    • Create a filter or use WebMvcConfigurer to handle CORS at a global level.
    • Dynamically allow origins based on environment variables for production.
    • Allow specific localhost ports during development.
  3. Work with our IT and Dev team and test the implementation in all environments to verify that required domains are correctly allowed.
  4. The change must be done in all API services of AMRIT. Refer to the repository README for the list.

Mockups/Wireframes

NA

Product Name

AMRIT

Organisation Name

Piramal Swasthya Management and Research Institute

Domain

Healthcare

Tech Skills Needed

Spring Boot, Environment Configuration, CORS, Nginx (optional)

Mentor(s)

@drtechie

Complexity

High

Category

Maintenance, Security, Backend
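
A sketch of the global configuration described in step 2 of the Implementation Details above, added here as an example; it is not code from the AMRIT repositories or from the issue author. The `cors.allowed-origins` property (filled from a `CORS_ALLOWED_ORIGINS` environment variable), the `dev` profile name, and the package and class names are assumptions.

```java
package example.cors; // hypothetical package, not from the AMRIT code base

import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class GlobalCorsConfig implements WebMvcConfigurer {
    private final List<String> origins = new ArrayList<>();

    // Assumed property: cors.allowed-origins, a comma-separated list that Spring
    // resolves from the CORS_ALLOWED_ORIGINS environment variable in production.
    public GlobalCorsConfig(@Value("${cors.allowed-origins:}") String configured,
                            Environment env) {
        for (String raw : configured.split(",")) {
            String origin = raw.trim();
            if (origin.isEmpty()) {
                continue;
            }
            // An origin is scheme://host[:port]; refuse wildcards, paths and port patterns.
            if (!origin.matches("https?://[^/*\\[\\s]+")) {
                throw new IllegalStateException("Invalid CORS origin: " + origin);
            }
            origins.add(origin);
        }
        // Development only: any localhost port (assumed profile name "dev").
        if (env.acceptsProfiles(Profiles.of("dev"))) {
            origins.add("http://localhost:[*]");
        }
        // Fail closed: a CorsRegistry mapping defaults to all origins, so never
        // register one with an empty allow-list.
        if (origins.isEmpty()) {
            throw new IllegalStateException("No CORS origins configured");
        }
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOriginPatterns(origins.toArray(new String[0]))
                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                .allowedHeaders("*")
                .maxAge(3600);
    }
}
```

If a service also uses Spring Security, CORS has to be enabled in its security filter chain as well so that preflight requests are answered before authentication runs.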

@kevalkanp1011

Interested!

@Harsh-Srivastav123

I’d love to work on this issue as I can relate to it, having faced a similar challenge myself.

Check out this repository where I tackled the same problem: (https://github.com/Harsh-Srivastav123/quizApp_backend).

@PSMRI PSMRI locked and limited conversation to collaborators Mar 10, 2025