From f97ccd4239d23da7cf7672d3ba82d9cb2ae8dd33 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 20 Dec 2025 09:56:14 +0000
Subject: [PATCH 1/2] Initial plan


From 22085aa593c1a066e000f7ab4be8afc7b5a2028c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 20 Dec 2025 09:59:59 +0000
Subject: [PATCH 2/2] Fix CORS configuration and disable frontend dev mode

Co-authored-by: ALNezar <170512776+ALNezar@users.noreply.github.com>
---
 .../com/fishmaster/backend/config/SecurityConfig.java  | 10 +++++++---
 frontend/FishMaster/src/services/api.js                |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java b/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java
index 521d167..fcdf3a6 100644
--- a/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java
+++ b/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java
@@ -4,14 +4,15 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
 
 import java.util.List;
 
@@ -30,6 +31,9 @@ public SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
                 // Turn off CSRF since we use JWT, not sessions
                 .csrf(csrf -> csrf.disable())
 
+                // Enable CORS with default configuration
+                .cors(Customizer.withDefaults())
+
                 // Allow /auth/** for public access, protect everything else
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/auth/**").permitAll()
@@ -52,7 +56,7 @@ public SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
 
     // CORS configuration to allow requests from frontend
     @Bean
-    public CorsFilter corsFilter() {
+    public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true); // allows cookies if needed
         config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); //  frontend addresses
@@ -62,6 +66,6 @@ public CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config);
 
-        return new CorsFilter(source);
+        return source;
     }
 }
diff --git a/frontend/FishMaster/src/services/api.js b/frontend/FishMaster/src/services/api.js
index e445632..dcce5b8 100644
--- a/frontend/FishMaster/src/services/api.js
+++ b/frontend/FishMaster/src/services/api.js
@@ -1,5 +1,5 @@
 // api.js
-const DEV_MODE = true; // toggle to false in production
+const DEV_MODE = false; // toggle to false in production
 
 const API_BASE_URL = 'http://localhost:8080';