use of ca.uhn.fhir.rest.server.interceptor.CorsInterceptor in project gpconnect-demonstrator by nhsconnect.
the class FhirRestfulServlet method initialize.
@Override
protected void initialize() throws ServletException {
FhirContext ctx = FhirContext.forDstu3();
ctx.setParserErrorHandler(new StrictErrorHandler());
// version required on capability statement operation definition
// see https://hapifhir.io/doc_resource_references.html
ctx.getParserOptions().setStripVersionsFromReferences(false);
// This explicit call does not work
// /ctx.getParserOptions().setDontStripVersionsFromReferencesAtPaths("CapabilityStatement");
setFhirContext(ctx);
setETagSupport(ETagSupportEnum.ENABLED);
setServerAddressStrategy(new HardcodedServerAddressStrategy(serverBaseUrl));
setResourceProviders(Arrays.asList(applicationContext.getBean(PatientResourceProvider.class), applicationContext.getBean(OrganizationResourceProvider.class), applicationContext.getBean(PractitionerResourceProvider.class), // applicationContext.getBean(MedicationResourceProvider.class), // #183
applicationContext.getBean(LocationResourceProvider.class), applicationContext.getBean(AppointmentResourceProvider.class), // applicationContext.getBean(ScheduleResourceProvider.class), // #183
applicationContext.getBean(SlotResourceProvider.class)));
CorsConfiguration config = new CorsConfiguration();
config.setMaxAge(10L);
config.addAllowedOrigin("*");
config.setAllowCredentials(Boolean.TRUE);
config.setExposedHeaders(Arrays.asList(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
config.setAllowedMethods(Arrays.asList(HttpMethod.GET.name(), HttpMethod.POST.name(), HttpMethod.PUT.name(), HttpMethod.DELETE.name()));
config.setAllowedHeaders(Arrays.asList(HttpHeaders.ACCEPT, HttpHeaders.ACCEPT_ENCODING, HttpHeaders.ACCEPT_LANGUAGE, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpHeaders.AUTHORIZATION, HttpHeaders.CACHE_CONTROL, HttpHeaders.CONNECTION, HttpHeaders.CONTENT_LENGTH, SystemHeader.PREFER, HttpHeaders.CONTENT_TYPE, HttpHeaders.COOKIE, HttpHeaders.HOST, HttpHeaders.ORIGIN, HttpHeaders.PRAGMA, HttpHeaders.REFERER, SystemHeader.SSP_FROM, SystemHeader.SSP_INTERACTIONID, SystemHeader.SSP_TO, SystemHeader.SSP_TRACEID, HttpHeaders.USER_AGENT, SystemHeader.X_REQUESTED_WITH));
registerInterceptor(new CorsInterceptor(config));
registerInterceptor(applicationContext.getBean(FhirRequestAuthInterceptor.class));
registerInterceptor(applicationContext.getBean(FhirRequestGenericIntercepter.class));
registerInterceptor(applicationContext.getBean(PatientJwtValidator.class));
// #215 don't populate Bundle.entry.fullurl
registerInterceptor(new PostProcessor());
GpConnectServerCapabilityStatementProvider capStatementProvider = new GpConnectServerCapabilityStatementProvider(this);
super.setServerConformanceProvider(capStatementProvider);
}
Aggregations