From e52fbd9afc8600c5c5ab1fde197c4dc211e63b96 Mon Sep 17 00:00:00 2001
From: bbabbi
Date: Fri, 29 Nov 2024 09:19:52 +0900
Subject: [PATCH] =?UTF-8?q?[FIX]=20:=20CORS=EC=97=90=EB=9F=AC=20=ED=95=B4?= =?UTF-8?q?=EA=B2=B0=EC=9D=84=20=EC=9C=84=ED=95=9C=20=ED=97=88=EC=9A=A9=20?= =?UTF-8?q?=EB=B2=94=EC=9C=84=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../org/cecd/server/external/SecurityConfig.java | 16 +++++++++++-----
 .../java/org/cecd/server/external/WebConfig.java | 13 +++++++++----
 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/server/src/main/java/org/cecd/server/external/SecurityConfig.java b/server/src/main/java/org/cecd/server/external/SecurityConfig.java
index 749327e..8ebdeb3 100644
--- a/server/src/main/java/org/cecd/server/external/SecurityConfig.java
+++ b/server/src/main/java/org/cecd/server/external/SecurityConfig.java
@@ -24,6 +24,7 @@ import org.springframework.web.cors.CorsConfiguration;
 import java.io.IOException;
+import java.util.List;
 @Configuration
 @EnableWebSecurity
@@ -41,10 +42,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 httpSecurity
 .cors(cors -> cors.configurationSource(request -> {
 CorsConfiguration configuration = new CorsConfiguration();
- configuration.addAllowedOrigin("*");
- configuration.addAllowedMethod("*");
- configuration.addAllowedHeader("*");
- configuration.setAllowCredentials(true);
+ // 명시적으로 허용할 Origin 설정
+ configuration.setAllowedOrigins(List.of(
+ "http://localhost:3000",
+ "https://www.dgu1921.p-e.kr",
+ "https://dgutestbed.netlify.app"
+ ));
+ configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+ configuration.setAllowedHeaders(List.of("*"));
+ configuration.setAllowCredentials(true); // Credentials 허용
 return configuration;
 }))
 .csrf(csrf -> csrf.disable()) // CSRF 비활성화
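Review bot: The allow-list added inside `securityFilterChain` hard-codes `http://localhost:3000` next to the production origins while `setAllowCredentials(true)` stays on, so every deployment built from this code accepts credentialed cross-origin requests from whatever is served on that local port over plain HTTP. Bind the list from profile-specific configuration and pass it in, e.g. `configuration.setAllowedOrigins(allowedOrigins);`, so the development origin exists only in the dev profile. The same three origins are repeated in `WebConfig.addCorsMappings` in this commit, which invites drift; a single shared `CorsConfigurationSource` bean would remove the duplicate. Because `.csrf(csrf -> csrf.disable())` follows in the context lines, confirm that authentication travels in a request header rather than a cookie; if it is header-only, credentials may not need to be allowed at all. The method body starts and ends outside this hunk.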
@@ -62,7 +68,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 .authenticationEntryPoint(new AuthenticationEntryPoint() {
 @Override
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- // API에서 인증 실패 시 에러를 그대로 출력
 if (!request.getRequestURI().contains("api")) {
 response.sendRedirect("/jwt-login/authentication-fail");
 } else {
@@ -85,3 +90,4 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Acc
 return httpSecurity.build();
 }
 }
+
diff --git a/server/src/main/java/org/cecd/server/external/WebConfig.java b/server/src/main/java/org/cecd/server/external/WebConfig.java
index eb87901..6b8628f 100644
--- a/server/src/main/java/org/cecd/server/external/WebConfig.java
+++ b/server/src/main/java/org/cecd/server/external/WebConfig.java
@@ -12,9 +12,14 @@ public class WebConfig implements WebMvcConfigurer {
 @Override
 public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**") //어떤 URI로 들어오는 요청을 허용할 것인가?
- .allowedOrigins("*") // 모두 허용
+ registry.addMapping("/**")
+ .allowedOrigins(
+ "http://localhost:3000",
+ "https://www.dgu1921.p-e.kr",
+ "https://dgutestbed.netlify.app"
+ )
 .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH")
- .allowedHeaders("*");
+ .allowedHeaders("*")
+ .allowCredentials(true);
 }
-}
+}
\ No newline at end of file
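Review bot: `allowedMethods` in `addCorsMappings` lists `PATCH` but not `OPTIONS`, while the list set in `SecurityConfig` in this same commit has `OPTIONS` but not `PATCH`; the Spring Security CORS filter runs ahead of the MVC mapping, so a cross-origin `PATCH` is likely to be rejected there and the `PATCH` entry here never takes effect. Make the two lists agree, or drop this mapping and let a single `CorsConfigurationSource` bean serve both layers. With `.allowCredentials(true)` now set, `.allowedHeaders("*")` is wider than needed; naming the headers the client sends, e.g. `.allowedHeaders("Authorization", "Content-Type")`, keeps the credentialed surface small, though which headers the front end actually sends is not visible in this patch.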