fix: security filter에서 allow origin *로 내려가는 문제 수정

KEEPER31337 · May 27, 2024 · 4927b19 · 4927b19
1 parent fa12760
commit 4927b19
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java b/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java
@@ -3,6 +3,7 @@
 import com.keeper.homepage.global.config.security.filter.RefreshTokenFilter;
 import com.keeper.homepage.global.config.security.handler.CustomAccessDeniedHandler;
 import com.keeper.homepage.global.config.security.handler.CustomAuthenticationEntryPoint;
+import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -54,9 +55,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   public CorsConfigurationSource corsConfigurationSource() {
     CorsConfiguration configuration = new CorsConfiguration();
 
-    configuration.addAllowedOriginPattern("*");
-    configuration.addAllowedHeader("*");
-    configuration.addAllowedMethod("*");
+    configuration.setAllowedOrigins(List.of("https://keeper.or.kr", "https://localhost:3000"));
+    configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+    configuration.addAllowedHeader("headers");
     configuration.setAllowCredentials(true);
 
     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();