chore: update

Angular2Guy · Oct 14, 2023 · a86339a · a86339a
1 parent 3ede52c
commit a86339a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -12,7 +12,7 @@
  */
  plugins {
 	id 'java'
-	id 'org.springframework.boot' version '3.1.1'
+	id 'org.springframework.boot' version '3.1.4'
 	id 'org.graalvm.buildtools.native' version '0.9.27'
 	id 'io.spring.dependency-management' version '1.1.3'
 	id 'org.hibernate.orm' version '6.2.13.Final'

diff --git a/backend/src/main/java/ch/xxx/maps/adapter/config/SecurityConfig.java b/backend/src/main/java/ch/xxx/maps/adapter/config/SecurityConfig.java
@@ -19,20 +19,23 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
 
 	@Bean
 	public SecurityFilterChain configure(HttpSecurity http) throws Exception {
-		HttpSecurity result = http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/**").permitAll())
+		HttpSecurity result = http
+				.authorizeHttpRequests(
+						authorize -> authorize.requestMatchers(AntPathRequestMatcher.antMatcher("/**")).permitAll())
 				.csrf(myCsrf -> myCsrf.disable())
 				.sessionManagement(mySm -> mySm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 				.headers(myHeaders -> myHeaders.contentSecurityPolicy(myCsp -> myCsp.policyDirectives(
 						"default-src 'self' data: https://*.virtualearth.net https://*.bing.com; script-src 'self' https://*.virtualearth.net "
-				        +" https://*.bing.com 'unsafe-inline'; style-src 'self' https://*.bing.com 'unsafe-inline'; font-src 'self' "
-						+" data: https://fonts.gstatic.com;")))
+								+ " https://*.bing.com 'unsafe-inline'; style-src 'self' https://*.bing.com 'unsafe-inline'; font-src 'self' "
+								+ " data: https://fonts.gstatic.com;")))
 				.headers(myHeaders -> myHeaders.xssProtection(myXss -> myXss.headerValue(HeaderValue.ENABLED)))
 				.headers(myHeaders -> myHeaders.frameOptions(myFo -> myFo.sameOrigin()));
 		return result.build();