Update to 2.0.0.beta3

Added entrypoint to Docker image
Fixed issues with CORS when behind reverse-proxy
Added APP_URL environment variable

app/src/main/kotlin/org/gameyfin/app/config/ConfigProperties.kt

@@ -263,7 +263,7 @@ sealed class ConfigProperties<T : Serializable>(
             data object AllowedOrigins : ConfigProperties<Array<String>>(
                 Array<String>::class,
                 "system.cors.allowed-origins",
-                "List of allowed CORS origins",
+                "List of allowed CORS origins (currently unused)",
                 emptyArray()
             )
         }

app/src/main/kotlin/org/gameyfin/app/core/SetupDataLoader.kt

@@ -1,8 +1,8 @@
 package org.gameyfin.app.core
 
+import io.github.oshai.kotlinlogging.KotlinLogging
 import org.gameyfin.app.setup.SetupService
 import org.gameyfin.app.users.UserService
-import io.github.oshai.kotlinlogging.KotlinLogging
 import org.gameyfin.app.users.entities.User
 import org.springframework.boot.context.event.ApplicationReadyEvent
 import org.springframework.context.event.EventListener
@@ -32,8 +32,15 @@ class SetupDataLoader(
         }
 
         val protocol = if (env.getProperty("server.ssl.key-store") != null) "https" else "http"
-
-        log.info { "Visit $protocol://${InetAddress.getLocalHost().hostName}:${env.getProperty("server.port")}/setup to complete the setup" }
+        val rawAppUrl = env.getProperty("app.url")
+        val appUrl = when {
+            rawAppUrl.isNullOrBlank() -> null
+            rawAppUrl.startsWith("http://") || rawAppUrl.startsWith("https://") -> rawAppUrl
+            else -> "$protocol://$rawAppUrl"
+        }
+        val setupUrl =
+            appUrl ?: "${protocol}://${InetAddress.getLocalHost().hostName}:${env.getProperty("server.port")}/setup"
+        log.info { "Visit $setupUrl to complete the setup" }
     }
 
     fun setupUsers() {

app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt

@@ -1,8 +1,8 @@
 package org.gameyfin.app.core.security
 
 import com.vaadin.flow.spring.security.VaadinWebSecurity
-import org.gameyfin.app.config.ConfigService
 import org.gameyfin.app.config.ConfigProperties
+import org.gameyfin.app.config.ConfigService
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Conditional
 import org.springframework.context.annotation.Configuration
@@ -19,7 +19,6 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
 import org.springframework.security.oauth2.core.AuthorizationGrantType
 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
-import org.springframework.web.cors.CorsConfiguration
 
 
 @Configuration
@@ -53,13 +52,8 @@ class SecurityConfig(
                 .sessionRegistry(sessionRegistry)
         }
 
-        http.cors { cors ->
-            cors.configurationSource { request ->
-                val configuration = CorsConfiguration()
-                configuration.allowedOrigins = allowedOrigins
-                configuration
-            }
-        }
+        // Not needed since the frontend is served by the backend
+        http.cors { cors -> cors.disable() }
 
         super.configure(http)