Merge pull request #113 from minseok1015/dev

feat : security로 변경

src/main/java/store/itpick/backend/config/SecurityConfig.java

@@ -1,6 +1,5 @@
 package store.itpick.backend.config;
 
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -33,25 +32,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         http
                 .csrf(AbstractHttpConfigurer::disable)
-//                .cors(withDefaults())  // CORS 설정 추가
+                .cors(withDefaults())  // CORS 설정 추가
                 .formLogin(FormLoginConfigurer::disable)
-                .sessionManagement((sessionManagement) ->
+                .sessionManagement(sessionManagement ->
                         sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 );
 
         return http.build();
     }
 
-//    @Bean
-//    public CorsFilter corsFilter() {
-//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-//        CorsConfiguration config = new CorsConfiguration();
-//        config.setAllowCredentials(true);
-//        config.addAllowedOrigin("https://itpick.netlify.app");
-//        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
-//        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
-//        config.setExposedHeaders(Arrays.asList("set-cookie"));
-//        source.registerCorsConfiguration("/**", config);
-//        return new CorsFilter(source);
-//    }
-}
+    @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("https://itpick.netlify.app");
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("http://localhost:5173");
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
+        config.setExposedHeaders(Arrays.asList("Authorization", "location"));
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

src/main/java/store/itpick/backend/config/WebConfig.java

@@ -41,16 +41,16 @@ public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers)
 
 
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("http://localhost:3000", "http://localhost:5173", "https://localhost:5173",
-                        "https://itpick.netlify.app")
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH","OPTIONS")
-                .exposedHeaders("location", "Authorization")
-                .allowedHeaders("Content-Type", "Authorization", "X-Requested-With", "Accept")
-                .allowCredentials(true);
-    }
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/**")
+//                .allowedOriginPatterns("http://localhost:3000", "http://localhost:5173", "https://localhost:5173",
+//                        "https://itpick.netlify.app")
+//                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH","OPTIONS")
+//                .exposedHeaders("location", "Authorization")
+//                .allowedHeaders("Content-Type", "Authorization", "X-Requested-With", "Accept")
+//                .allowCredentials(true);
+//    }