From 237005a7bdd46a0fa8d3431b162d17112ea635c4 Mon Sep 17 00:00:00 2001
From: csimonis <c.simonis@neusta.de>
Date: Thu, 24 Apr 2025 15:11:54 +0200
Subject: [PATCH] feat(security): add frontend host configuration property

---
 .../main/java/de/szut/casino/security/SecurityConfig.java   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
index c6cb6b8..65d5b2c 100644
--- a/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
+++ b/backend/src/main/java/de/szut/casino/security/SecurityConfig.java
@@ -1,5 +1,6 @@
 package de.szut.casino.security;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -17,6 +18,9 @@ import java.util.List;
 @EnableWebSecurity
 public class SecurityConfig {
 
+    @Value("${app.frontend-host}")
+    private String frontendHost;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
@@ -36,7 +40,7 @@ public class SecurityConfig {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of("http://localhost:4200"));
+        configuration.setAllowedOrigins(List.of(this.frontendHost));
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Access-Control-Allow-Origin"));
         configuration.setExposedHeaders(List.of("x-auth-token"));