ALNezar · ALNezar · Dec 20, 2025 · Dec 20, 2025 · Dec 20, 2025 · Copilot
diff --git a/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java b/backend/src/main/java/com/fishmaster/backend/config/SecurityConfig.java
@@ -4,14 +4,15 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
 
 import java.util.List;
 
@@ -30,6 +31,9 @@ public SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
                 // Turn off CSRF since we use JWT, not sessions
                 .csrf(csrf -> csrf.disable())
 
+                // Enable CORS with default configuration
+                .cors(Customizer.withDefaults())
+
                 // Allow /auth/** for public access, protect everything else
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/auth/**").permitAll()
@@ -52,7 +56,7 @@ public SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
 
     // CORS configuration to allow requests from frontend
     @Bean
-    public CorsFilter corsFilter() {
+    public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true); // allows cookies if needed
         config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); //  frontend addresses
-        config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); //  frontend addresses
+        config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); // frontend addresses
-        config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); //  frontend addresses
+        config.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:5173")); // frontend addresses
@@ -62,6 +66,6 @@ public CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config);
 
-        return new CorsFilter(source);
+        return source;
     }
 }
diff --git a/frontend/FishMaster/src/services/api.js b/frontend/FishMaster/src/services/api.js
@@ -1,5 +1,5 @@
 // api.js
-const DEV_MODE = true; // toggle to false in production
+const DEV_MODE = false; // toggle to false in production
 
 const API_BASE_URL = 'http://localhost:8080';