Return access control allow origin with origin where belongs to client

src/main/java/cc/ryanc/halo/filter/CorsFilter.java

@@ -21,7 +21,7 @@ public class CorsFilter extends OncePerRequestFilter {
     protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
 
         // Set customized header
-        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, httpServletRequest.getHeader(HttpHeaders.ORIGIN));
         httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
         httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTION");
         httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");

src/main/java/cc/ryanc/halo/security/handler/DefaultAuthenticationFailureHandler.java

@@ -35,6 +35,7 @@ public class DefaultAuthenticationFailureHandler implements AuthenticationFailur
     @Override
     public void onFailure(HttpServletRequest request, HttpServletResponse response, HaloException exception) throws IOException, ServletException {
         log.warn("Handle unsuccessful authentication, ip: [{}]", ServletUtil.getClientIP(request));
+        log.error("Authentication failure", exception);
 
         BaseResponse<Object> errorDetail = new BaseResponse<>();
 
@@ -46,8 +47,6 @@ public class DefaultAuthenticationFailureHandler implements AuthenticationFailur
             errorDetail.setDevMessage(ExceptionUtils.getStackTrace(exception));
         }
 
-        log.debug("Response error: [{}]", errorDetail);
-
         response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
         response.setStatus(exception.getStatus().value());
         response.getWriter().write(objectMapper.writeValueAsString(errorDetail));