Fix CORS configuration to use CorsConfigurationSource and disable frontend dev mode

[Copilot]

Backend CORS was configured as a CorsFilter bean without being integrated into the security filter chain, preventing proper request handling. Frontend was stuck in dev mode with mock data.

Changes

Backend (SecurityConfig.java)

• Changed corsFilter() bean to corsConfigurationSource() returning CorsConfigurationSource instead of CorsFilter
• Added .cors(Customizer.withDefaults()) to SecurityFilterChain to enable CORS handling
• Added imports: Customizer, CorsConfigurationSource

Frontend (api.js)

• Set DEV_MODE = false to enable real API calls

// Before: Filter bean created but not integrated
@Bean
public CorsFilter corsFilter() {
    // ...
    return new CorsFilter(source);
}

// After: Configuration source used by security filter chain
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    // ...
    return source;
}

http
    .csrf(csrf -> csrf.disable())
    .cors(Customizer.withDefaults())  // Now properly enabled
    // ...

Original prompt

Fix backend-frontend communication issues by addressing CORS configuration and disabling frontend dev mode.

1. Backend (backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java):

   • Change the corsFilter bean to corsConfigurationSource and change the return type to CorsConfigurationSource.
   • Enable CORS in the SecurityFilterChain by adding .cors(Customizer.withDefaults()) to the HttpSecurity configuration.
   • Ensure necessary imports are added (org.springframework.security.config.Customizer, org.springframework.web.cors.CorsConfigurationSource).

2. Frontend (frontend/FishMaster/src/services/api.js):

   • Change const DEV_MODE = true; to const DEV_MODE = false; to allow real API calls to the backend.

This pull request was created from Copilot chat.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[ALNezar]

@copilot i dont get it what files did you changw

[Copilot]

@copilot i dont get it what files did you changw

I changed 2 files:

1. backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java - Updated CORS configuration (changed corsFilter to corsConfigurationSource, added .cors() to the security chain)
2. frontend/FishMaster/src/services/api.js - Changed DEV_MODE from true to false (line 2)

Commit: 22085aa

[Copilot]

Pull request overview

This PR fixes CORS configuration in the backend by properly integrating it with Spring Security's filter chain and disables frontend development mode to enable real API calls.

• Refactored backend CORS from an unintegrated CorsFilter bean to a CorsConfigurationSource bean that integrates with the security filter chain
• Enabled CORS in the security configuration using .cors(Customizer.withDefaults())
• Disabled frontend development mode to allow real API requests to the backend

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java	Changed CORS from unintegrated filter to properly integrated configuration source, added CORS enablement to security filter chain, updated imports
frontend/FishMaster/src/services/api.js	Disabled development mode to enable real API calls instead of mock data

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment has an extra space before "frontend addresses". This is a minor spelling/formatting issue.

Suggested change

	config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); // frontend addresses
	config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); // frontend addresses