[FIX] : CORS에러 해결을 위한 허용 범위 수정

CSID-DGU · Nov 29, 2024 · e52fbd9 · e52fbd9
1 parent 9c2c0c4
commit e52fbd9
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/server/src/main/java/org/cecd/server/external/SecurityConfig.java b/server/src/main/java/org/cecd/server/external/SecurityConfig.java
@@ -24,6 +24,7 @@
 import org.springframework.web.cors.CorsConfiguration;
 
 import java.io.IOException;
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
@@ -41,10 +42,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
         httpSecurity
                 .cors(cors -> cors.configurationSource(request -> {
                     CorsConfiguration configuration = new CorsConfiguration();
-                    configuration.addAllowedOrigin("*");
-                    configuration.addAllowedMethod("*");
-                    configuration.addAllowedHeader("*");
-                    configuration.setAllowCredentials(true);
+                    // 명시적으로 허용할 Origin 설정
+                    configuration.setAllowedOrigins(List.of(
+                            "http://localhost:3000",
+                            "https://www.dgu1921.p-e.kr",
+                            "https://dgutestbed.netlify.app"
+                    ));
+                    configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+                    configuration.setAllowedHeaders(List.of("*"));
+                    configuration.setAllowCredentials(true); // Credentials 허용
                     return configuration;
                 }))
                 .csrf(csrf -> csrf.disable()) // CSRF 비활성화
@@ -62,7 +68,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                                 .authenticationEntryPoint(new AuthenticationEntryPoint() {
                                     @Override
                                     public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
-                                        // API에서 인증 실패 시 에러를 그대로 출력
                                         if (!request.getRequestURI().contains("api")) {
                                             response.sendRedirect("/jwt-login/authentication-fail");
                                         } else {
@@ -85,3 +90,4 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Acc
         return httpSecurity.build();
     }
 }
+
diff --git a/server/src/main/java/org/cecd/server/external/WebConfig.java b/server/src/main/java/org/cecd/server/external/WebConfig.java
@@ -12,9 +12,14 @@ public class WebConfig implements WebMvcConfigurer {
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**") //어떤 URI로 들어오는 요청을 허용할 것인가?
-                .allowedOrigins("*") // 모두 허용
+        registry.addMapping("/**")
+                .allowedOrigins(
+                        "http://localhost:3000",
+                        "https://www.dgu1921.p-e.kr",
+                        "https://dgutestbed.netlify.app"
+                )
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH")
-                .allowedHeaders("*");
+                .allowedHeaders("*")
+                .allowCredentials(true);
     }
-}
+}