From b8d46e221434d80d61cfb01a1a86d42148671542 Mon Sep 17 00:00:00 2001
From: "H@di" <hadi@hadisafari.ir>
Date: Sat, 21 Sep 2024 15:50:42 +0330
Subject: [PATCH] Fix CORS headers on error handling

---
 .../io/kafbat/ui/config/CorsGlobalConfiguration.java  | 11 +++++++----
 .../ui/exception/GlobalErrorWebExceptionHandler.java  |  5 +++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
index 4713dfd37..94350c260 100644
--- a/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
+++ b/api/src/main/java/io/kafbat/ui/config/CorsGlobalConfiguration.java
@@ -22,10 +22,7 @@ public WebFilter corsFilter() {
 
       final ServerHttpResponse response = ctx.getResponse();
       final HttpHeaders headers = response.getHeaders();
-      headers.add("Access-Control-Allow-Origin", "*");
-      headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
-      headers.add("Access-Control-Max-Age", "3600");
-      headers.add("Access-Control-Allow-Headers", "Content-Type");
+      fillCorsHeader(headers);
 
       if (request.getMethod() == HttpMethod.OPTIONS) {
         response.setStatusCode(HttpStatus.OK);
@@ -36,4 +33,10 @@ public WebFilter corsFilter() {
     };
   }
 
+  public static void fillCorsHeader(HttpHeaders responseHeaders) {
+    responseHeaders.add("Access-Control-Allow-Origin", "*");
+    responseHeaders.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
+    responseHeaders.add("Access-Control-Max-Age", "3600");
+    responseHeaders.add("Access-Control-Allow-Headers", "Content-Type");
+  }
 }
diff --git a/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java b/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java
index b4c978ac2..dc44ca519 100644
--- a/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java
+++ b/api/src/main/java/io/kafbat/ui/exception/GlobalErrorWebExceptionHandler.java
@@ -2,6 +2,7 @@
 
 import com.google.common.base.Throwables;
 import com.google.common.collect.Sets;
+import io.kafbat.ui.config.CorsGlobalConfiguration;
 import io.kafbat.ui.model.ErrorResponseDTO;
 import java.math.BigDecimal;
 import java.util.List;
@@ -78,6 +79,7 @@ private Mono<ServerResponse> renderDefault(Throwable throwable, ServerRequest re
     return ServerResponse
         .status(ErrorCode.UNEXPECTED.httpStatus())
         .contentType(MediaType.APPLICATION_JSON)
+        .headers(CorsGlobalConfiguration::fillCorsHeader)
         .bodyValue(response);
   }
 
@@ -92,6 +94,7 @@ private Mono<ServerResponse> render(CustomBaseException baseException, ServerReq
     return ServerResponse
         .status(errorCode.httpStatus())
         .contentType(MediaType.APPLICATION_JSON)
+        .headers(CorsGlobalConfiguration::fillCorsHeader)
         .bodyValue(response);
   }
 
@@ -122,6 +125,7 @@ private Mono<ServerResponse> render(WebExchangeBindException exception, ServerRe
     return ServerResponse
         .status(HttpStatus.BAD_REQUEST)
         .contentType(MediaType.APPLICATION_JSON)
+        .headers(CorsGlobalConfiguration::fillCorsHeader)
         .bodyValue(response);
   }
 
@@ -136,6 +140,7 @@ private Mono<ServerResponse> render(ResponseStatusException exception, ServerReq
     return ServerResponse
         .status(exception.getStatusCode())
         .contentType(MediaType.APPLICATION_JSON)
+        .headers(CorsGlobalConfiguration::fillCorsHeader)
         .bodyValue(response);
   }