From ccdb93a7fe2deff99f7b6d7c892b9f555c167e3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EB=AF=BC=EC=84=9D?=
Date: Sat, 17 Aug 2024 14:00:38 +0900
Subject: [PATCH] =?UTF-8?q?feat=20:=20security=EB=A1=9C=20=EB=B3=80?=
 =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../itpick/backend/config/SecurityConfig.java | 33 ++++++++++---------
 .../itpick/backend/config/WebConfig.java | 20 +++++------
 2 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/src/main/java/store/itpick/backend/config/SecurityConfig.java b/src/main/java/store/itpick/backend/config/SecurityConfig.java
index 99f491a..aab3300 100644
--- a/src/main/java/store/itpick/backend/config/SecurityConfig.java
+++ b/src/main/java/store/itpick/backend/config/SecurityConfig.java
@@ -1,6 +1,5 @@
 package store.itpick.backend.config;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -33,25 +32,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .csrf(AbstractHttpConfigurer::disable)
-//                .cors(withDefaults()) // CORS 설정 추가
+                .cors(withDefaults()) // CORS 설정 추가
                 .formLogin(FormLoginConfigurer::disable)
-                .sessionManagement((sessionManagement) ->
+                .sessionManagement(sessionManagement ->
                         sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 );
         return http.build();
     }
-//    @Bean
-//    public CorsFilter corsFilter() {
-//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-//        CorsConfiguration config = new CorsConfiguration();
-//        config.setAllowCredentials(true);
-//        config.addAllowedOrigin("https://itpick.netlify.app");
-//        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
-//        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
-//        config.setExposedHeaders(Arrays.asList("set-cookie"));
-//        source.registerCorsConfiguration("/**", config);
-//        return new CorsFilter(source);
-//    }
-}
\ No newline at end of file
+    @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("https://itpick.netlify.app");
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("http://localhost:5173");
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
+        config.setExposedHeaders(Arrays.asList("Authorization", "location"));
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}
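Review bot: Exposing the CORS setup as a `CorsFilter` bean (`corsFilter()`) makes Spring Boot register it as a plain servlet filter as well, so CORS handling runs once in front of the security chain and again inside it through `.cors(withDefaults())`, which picks up the bean named `corsFilter`; returning a `CorsConfigurationSource` instead keeps a single CORS decision inside the security chain, since `.cors(withDefaults())` also discovers that bean type. The allow-list further pairs `setAllowCredentials(true)` with two hard-coded `http://localhost` origins next to the production origin, so a page served from those local ports in a user's browser is trusted for credentialed cross-origin calls against a production deployment; keeping the origin list in configuration and enabling the localhost entries only in a local/dev profile avoids shipping them. The WebConfig hunk keeps the old `addCorsMappings` as commented-out code rather than deleting it, leaving a second, slightly different origin list (it still names `https://localhost:5173`) to drift from this one. `filterChain` begins outside the hunk, so whether the imports this bean needs (`CorsFilter`, `UrlBasedCorsConfigurationSource`, `CorsConfiguration`, `Arrays`) are already present cannot be checked here.

```java
    @Value("${itpick.cors.allowed-origins}") // illustrative key; list localhost origins only in the local profile
    private List<String> allowedOrigins;

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.setAllowedOrigins(allowedOrigins);
        // … unchanged: setAllowedMethods / setAllowedHeaders / setExposedHeaders …
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
```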
diff --git a/src/main/java/store/itpick/backend/config/WebConfig.java b/src/main/java/store/itpick/backend/config/WebConfig.java
index 1fc938d..a41d41f 100644
--- a/src/main/java/store/itpick/backend/config/WebConfig.java
+++ b/src/main/java/store/itpick/backend/config/WebConfig.java
@@ -41,16 +41,16 @@ public void addArgumentResolvers(List resolvers)
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("http://localhost:3000", "http://localhost:5173", "https://localhost:5173",
-                        "https://itpick.netlify.app")
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH","OPTIONS")
-                .exposedHeaders("location", "Authorization")
-                .allowedHeaders("Content-Type", "Authorization", "X-Requested-With", "Accept")
-                .allowCredentials(true);
-    }
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/**")
+//                .allowedOriginPatterns("http://localhost:3000", "http://localhost:5173", "https://localhost:5173",
+//                        "https://itpick.netlify.app")
+//                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH","OPTIONS")
+//                .exposedHeaders("location", "Authorization")
+//                .allowedHeaders("Content-Type", "Authorization", "X-Requested-With", "Accept")
+//                .allowCredentials(true);
+//    }