From 06d418615c014a2288b36c28e4fac8dfb1a304f7 Mon Sep 17 00:00:00 2001
From: Jan Klattenhoff
Date: Fri, 4 Apr 2025 19:50:59 +0200
Subject: [PATCH] fix(cors): restrict allowed headers in CORS configuration
---
 backend/src/main/java/de/szut/casino/config/CorsConfig.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/main/java/de/szut/casino/config/CorsConfig.java b/backend/src/main/java/de/szut/casino/config/CorsConfig.java
index 4d76847..8840bbe 100644
--- a/backend/src/main/java/de/szut/casino/config/CorsConfig.java
+++ b/backend/src/main/java/de/szut/casino/config/CorsConfig.java
@@ -11,7 +11,7 @@ public class CorsConfig implements WebMvcConfigurer {
 registry.addMapping("/**")
 .allowedOrigins("http://localhost:4200", "http://192.168.176.120:4200")
 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
- .allowedHeaders("*")
+ .allowedHeaders("Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With")
 .allowCredentials(true)
 .maxAge(3600);
 }
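Review bot: The narrowed `.allowedHeaders(...)` list sits in a mapping that still covers `/**` with `.allowCredentials(true)` and two hardcoded plain-HTTP origins (`http://localhost:4200`, `http://192.168.176.120:4200`), so if this configuration is ever used outside development, the credentialed origins remain the weaker point than the header list. I would read the origins and the header list from environment-specific properties rather than literals. The changed line also deserves a comment such as `// explicit allow-list: a new custom request header (e.g. a CSRF token header) must be added here or the preflight is rejected`. `Origin` and `Accept` need no entry, since the browser sets `Origin` itself and `Accept` is CORS-safelisted, so the list can be limited to the headers the frontend really sends. The enclosing method begins outside the hunk, so whether a separate CORS source (for example a security filter chain) overrides this mapping cannot be judged from here.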