Closed
Description
Summary
CORS is configured for local and docker environments but not for the test environment. This prevents proper CORS testing and may indicate production configuration gaps.
Current Behavior
- CORS is configured in `application-local.yml` and `application-docker.yml`
- Test environment (`application-test.yml`) has no CORS configuration
- CORS preflight (OPTIONS) requests return `401 Unauthorized` in tests
- Security tests for CORS are currently `@Disabled`
Expected Behavior
Test environment should have CORS configured to allow:
- Testing of CORS preflight requests
- Verification of allowed origins
- Validation of credentials and allowed methods
Technical Details
- Location: `UnityAuth/src/test/resources/application-test.yml`
- Test Reference: `SecurityEdgeCasesTest` CORS tests (currently disabled)
- Related Configs:
  - `application-local.yml` (lines 5-21)
  - `application-docker.yml` (CORS config)
Suggested Fix
Add CORS configuration to test environment:
```yaml
# application-test.yml
micronaut:
  server:
    cors:
      enabled: true
      configurations:
        web:
          allowed-origins-regex: '^http://(.*?)(?:localhost|127.0.0.1)(?::\d+)?$'
          allowedOrigins:
            - http://localhost:3000
            - http://localhost:3001
      # Server-level CORS setting (micronaut.server.cors), not part of the "web" configuration
      localhost-pass-through: true
```
After adding configuration, enable the `@Disabled` CORS tests in `SecurityEdgeCasesTest`.
Acceptance Criteria
- CORS configuration added to test environment
- All CORS tests in `SecurityEdgeCasesTest` passing (remove `@Disabled`)
- Document CORS requirements in README
Labels
- testing
- configuration
- enhancement
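
A check of which `Origin` values the `allowed-origins-regex` from the suggested fix accepts, next to a stricter pattern for comparison. This is an added example, not code from the issue or from the UnityAuth project; the class name, the `STRICT` pattern and the sample origins are assumptions made for illustration, and it assumes the whole `Origin` value must match the regex.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class CorsOriginRegexCheck {
    // Pattern exactly as written in the suggested application-test.yml.
    static final Pattern SUGGESTED =
        Pattern.compile("^http://(.*?)(?:localhost|127.0.0.1)(?::\\d+)?$");
    // Hypothetical stricter pattern (not from the issue): literal dots, no free prefix.
    static final Pattern STRICT =
        Pattern.compile("^http://(?:localhost|127\\.0\\.0\\.1)(?::\\d+)?$");

    // Constructed Origin header values, not captured traffic.
    static final List<String> SAMPLE_ORIGINS = List.of(
        "http://localhost:3000",
        "http://127.0.0.1:8080",
        "http://app.localhost:3001",     // subdomain of localhost
        "http://notlocalhost",           // different host that ends in "localhost"
        "http://127x0x0x1",              // unescaped '.' matches any character
        "https://localhost:3000",        // scheme differs
        "http://localhost.example.com"); // suffix after "localhost"

    // Assumption: the whole Origin value must match the pattern.
    static boolean allowed(Pattern p, String origin) {
        return p.matcher(origin).matches();
    }

    // Maps each sample origin to {accepted by SUGGESTED, accepted by STRICT}.
    static Map<String, boolean[]> audit() {
        Map<String, boolean[]> result = new LinkedHashMap<>();
        for (String origin : SAMPLE_ORIGINS) {
            result.put(origin, new boolean[] {
                allowed(SUGGESTED, origin), allowed(STRICT, origin)});
        }
        return result;
    }

    public static void main(String[] args) {
        System.out.printf("%-32s %-10s %s%n", "Origin", "suggested", "strict");
        audit().forEach((origin, r) ->
            System.out.printf("%-32s %-10b %b%n", origin, r[0], r[1]));
    }
}
```

The stricter pattern also rejects `http://app.localhost:3001`; if subdomains of `localhost` are needed in tests, list them explicitly rather than keeping the free `(.*?)` prefix.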