Debugging in prod, woo

Enable CORS at controller level
Enable CSRF debug logging (just in case)

Author: katsumag

core/src/main/kotlin/net/osable/core/SecurityConfiguration.kt

@@ -38,12 +38,9 @@ class SecurityConfiguration {
         }.oauth2Client()
 
 
-        // Useful for debugging CSRF
-        if (environment.activeProfiles.contains("development")) {
-            http.exceptionHandling().accessDeniedHandler { request, response, accessDeniedException ->
-                println("Access denied. Cause: ${accessDeniedException.cause} | Message: ${accessDeniedException.message}")
-                accessDeniedException.printStackTrace()
-            }
+        http.exceptionHandling().accessDeniedHandler { request, response, accessDeniedException ->
+            println("Access denied. Cause: ${accessDeniedException.cause} | Message: ${accessDeniedException.message}")
+            accessDeniedException.printStackTrace()
         }
 
         return http.build()

core/src/main/kotlin/net/osable/core/web/FormController.kt

@@ -14,6 +14,8 @@ import org.springframework.web.bind.annotation.ResponseStatus
 import org.springframework.web.reactive.function.client.WebClient
 
 @Controller
+// Allow cross-origin requests
+@CrossOrigin
 class FormController {
 
     private val webClient = WebClient.builder()
@@ -26,8 +28,6 @@ class FormController {
     @PostMapping("/questions", consumes = [MediaType.MULTIPART_FORM_DATA_VALUE], headers = ["Host=api.osable.net"])
     // Method has a void return type, spring MVC tries to find a /questions page to redirect to without this annotation
     @ResponseStatus(HttpStatus.OK)
-    // Allow cross-origin requests from ourselves
-    @CrossOrigin(origins = ["https://osable.net"])
     fun questionsContactRoute(@ModelAttribute contactRequest: ContactRequest) {
         webClient.post()
             .uri(webhookURL)