corrected security config

hooverdc · Apr 23, 2024 · 2ff5b9a · 2ff5b9a
1 parent fd9d819
commit 2ff5b9a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...BootBackEnd/demo/src/main/java/com/nationalParkApp/demo/Config/ProjectSecurityConfig.java b/...BootBackEnd/demo/src/main/java/com/nationalParkApp/demo/Config/ProjectSecurityConfig.java
@@ -43,14 +43,14 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
                 return config;
             }
 
-        })).csrf((csrf) -> csrf.csrfTokenRequestHandler(requestHandler).ignoringRequestMatchers( "/register","/user")
+        })).csrf((csrf) -> csrf.csrfTokenRequestHandler(requestHandler).ignoringRequestMatchers( "/api/v1/**","/register","/user")
                                 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
                         .addFilterAfter(new CsrfCookieFilter(), BasicAuthenticationFilter.class)
                         .authorizeHttpRequests((requests)->requests
 
                                 /*.requestMatchers("/createreview","/itinerary", "/addFavorites", "/favorites", "/favorites/*", "/editreview/*").authenticated()
                                 .requestMatchers("/register","/user", "/reviews").permitAll())*/
-                .requestMatchers("/api/v1/**", "/createreview").authenticated()
+                .requestMatchers("/api/v1/**").authenticated()
                 .requestMatchers("/register","/user", "/reviews").permitAll())
 
                         .formLogin(Customizer.withDefaults())