Set allowed origins now that CORS exists.

Attempt to fix 200 on 403 by setting response error code

Author: katsumag

core/src/main/kotlin/net/osable/core/SecurityConfiguration.kt

@@ -43,10 +43,15 @@ class SecurityConfiguration {
         http.exceptionHandling().accessDeniedHandler { request, response, accessDeniedException ->
             println("Access denied. Cause: ${accessDeniedException.cause} | Message: ${accessDeniedException.message}")
             accessDeniedException.printStackTrace()
+            response.status = request.getErrorCode()
         }
 
         http.cors().configurationSource {
-            CorsConfiguration().applyPermitDefaultValues()
+            CorsConfiguration()
+                .applyPermitDefaultValues()
+                .apply {
+                    allowedOrigins = listOf("https://osable.net")
+                }
         }
 
         return http.build()

core/src/main/kotlin/net/osable/core/web/FormController.kt

@@ -14,8 +14,6 @@ import org.springframework.web.bind.annotation.ResponseStatus
 import org.springframework.web.reactive.function.client.WebClient
 
 @Controller
-// Allow cross-origin requests
-@CrossOrigin
 class FormController {
 
     private val webClient = WebClient.builder()