ajout CORS

app/actions/CORSAction.scala

@@ -0,0 +1,35 @@
+package actions
+
+import org.apache.pekko.stream.Materializer
+import play.api.http.HttpErrorHandler
+import play.api.mvc._
+import play.filters.cors.{CORSActionBuilder, CORSConfig}
+
+import javax.inject.Inject
+import scala.concurrent.{ExecutionContext, Future}
+
+class CORSAction @Inject()(
+    parser: BodyParsers.Default,
+    corsConfig: CORSConfig,
+    errorHandler: HttpErrorHandler,
+    val controllerComponents: ControllerComponents
+)(implicit ec: ExecutionContext, mat: Materializer)
+  extends CORSActionBuilder
+  with BaseController {
+
+  override protected def corsConfig: CORSConfig = corsConfig
+  override protected def errorHandler: HttpErrorHandler = errorHandler
+  override protected def mat: Materializer = mat
+
+  override def parser: BodyParser[AnyContent] = parser
+  override def executionContext: ExecutionContext = ec
+
+  override def invokeBlock[A](request: Request[A], block: Request[A] => Future[Result]): Future[Result] = {
+    block(request).map(_.withHeaders(
+      "Access-Control-Allow-Origin" -> "*",
+      "Access-Control-Allow-Methods" -> "GET, POST, OPTIONS",
+      "Access-Control-Allow-Headers" -> "Origin, Content-Type, Accept, Authorization",
+      "Access-Control-Allow-Credentials" -> "true"
+    ))
+  }
+}

app/controllers/HomeController.scala

@@ -1,24 +1,17 @@
 package controllers
 
-import javax.inject._
-import play.api._
 import play.api.mvc._
+import actions.CORSAction
+
+import javax.inject._
 
-/**
- * This controller creates an `Action` to handle HTTP requests to the
- * application's home page.
- */
 @Singleton
-class HomeController @Inject()(val controllerComponents: ControllerComponents) extends BaseController {
+class HomeController @Inject()(
+                                val controllerComponents: ControllerComponents,
+                                corsAction: CORSAction
+                              ) extends BaseController {
 
-  /**
-   * Create an Action to render an HTML page.
-   *
-   * The configuration in the `routes` file means that this method
-   * will be called when the application receives a `GET` request with
-   * a path of `/`.
-   */
-  def index(): Action[AnyContent] = Action { implicit request: Request[AnyContent] =>
+  def index(): Action[AnyContent] = corsAction { implicit request =>
     Ok(views.html.index())
   }
 }

app/views/index.scala.html

@@ -1,5 +1,6 @@
 @()
 
 @main("Welcome to Play") {
-  <h1>Welcome to Play!</h1>
-}
+  <h1>Asteroid Cookies</h1>
+  <p><a href="/game">Jouer</a></p>
+}

build.sbt

@@ -1,4 +1,4 @@
-name := """asteroid-cookies"""
+name := """breakout-custom"""
 
 version := "1.0-SNAPSHOT"
 
@@ -6,9 +6,13 @@ lazy val root = (project in file(".")).enablePlugins(PlayScala)
 
 scalaVersion := "2.13.14"
 
-libraryDependencies += guice
+libraryDependencies ++= Seq(
+  guice,
+  filters
+)
 libraryDependencies += "org.scalatestplus.play" %% "scalatestplus-play" % "7.0.0" % Test
 
+
 // Adds additional packages into Twirl
 //TwirlKeys.templateImports += "com.example.controllers._"
 

conf/application.conf

@@ -1 +1,16 @@
-# https://www.playframework.com/documentation/latest/Configuration
+play.filters.hosts {
+  allowed = ["."]
+}
+
+play.filters.enabled += play.filters.headers.SecurityHeadersFilter
+
+play.filters.headers {
+  contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://jevalide.ca"
+}
+
+play.filters.enabled += "play.filters.cors.CORSFilter"
+play.filters.cors {
+  allowedOrigins = null  // Allow all origins
+  allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
+  allowedHttpHeaders = ["Accept", "Content-Type"]
+}