From beb4ff84768309b7eb42bed5c849eaae2c39556f Mon Sep 17 00:00:00 2001
From: jucheolkang
Date: Sun, 9 Mar 2025 21:02:16 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat=20:=20cors=20=EC=A0=81=EC=9A=A9?= =?UTF-8?q?=EB=B0=A9=EC=8B=9D=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../infrastructure/config/CorsConfig.java | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/app/guttokback/common/infrastructure/config/CorsConfig.java b/src/main/java/com/app/guttokback/common/infrastructure/config/CorsConfig.java
index c33f2b72..8b097b9e 100644
--- a/src/main/java/com/app/guttokback/common/infrastructure/config/CorsConfig.java
+++ b/src/main/java/com/app/guttokback/common/infrastructure/config/CorsConfig.java
@@ -4,6 +4,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import java.util.List;
@@ -12,16 +13,20 @@
 public class CorsConfig {
 @Bean
- public CorsFilter corsFilter() {
+ public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
- config.setAllowedOrigins(List.of("http://localhost:3000")); // React 개발 서버 허용
- config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")); // 허용할 메서드
- config.setAllowedHeaders(List.of("*")); // 모든 헤더 허용
- config.setAllowCredentials(true); // 쿠키 포함 허용 (필요 시)
+ config.setAllowedOriginPatterns(List.of("http://localhost:3000"));
+ config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+ config.setAllowedHeaders(List.of("*"));
+ config.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", config); // 모든 경로에 적용
+ source.registerCorsConfiguration("/**", config);
+ return source;
+ }
- return new CorsFilter(source);
+ @Bean
+ public CorsFilter corsFilter() {
+ return new CorsFilter(corsConfigurationSource());
 }
 }
From d27587a54d1c71e023b55f322b13faecf7656bbe Mon Sep 17 00:00:00 2001
From: jucheolkang
Date: Sun, 9 Mar 2025 21:03:11 +0900
Subject: [PATCH 2/2] =?UTF-8?q?fix=20:=20security=20config=EC=97=90=20cors?= =?UTF-8?q?=20=EC=A0=81=EC=9A=A9=20=EB=B0=A9=EC=8B=9D=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../common/infrastructure/config/SecurityConfig.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/app/guttokback/common/infrastructure/config/SecurityConfig.java b/src/main/java/com/app/guttokback/common/infrastructure/config/SecurityConfig.java
index 6aa5821b..00127ac2 100644
--- a/src/main/java/com/app/guttokback/common/infrastructure/config/SecurityConfig.java
+++ b/src/main/java/com/app/guttokback/common/infrastructure/config/SecurityConfig.java
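Review bot: In CorsConfig.corsConfigurationSource(), `setAllowedOriginPatterns` is applied to a single literal origin while `setAllowCredentials(true)` stays on, which gives up a safeguard without gaining anything. With `setAllowedOrigins`, Spring rejects a `*` entry when credentials are enabled, whereas origin patterns accept wildcards together with credentials, so a later edit that loosens the pattern would let every matching site send credentialed requests. Unless wildcard matching is actually needed, keep `config.setAllowedOrigins(List.of("http://localhost:3000"));` and read the origin list from configuration so the development origin is not what ships. The retained `corsFilter()` bean also looks redundant now that SecurityConfig consumes the source through `http.cors(...)`; if nothing else injects it, dropping it leaves a single place where CORS is decided.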
@@ -24,8 +24,9 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
+ .cors(cors -> cors.configurationSource(corsConfig.corsConfigurationSource()))
 .csrf(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(authorize -> authorize
+ .authorizeHttpRequests(auth -> auth
 .requestMatchers(
 "/swagger", "/swagger-ui.html", "/swagger-ui/**",
 "/api-docs", "/api-docs/**", "/v3/api-docs/**",
@@ -41,8 +42,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 ).hasAnyAuthority(Roles.ROLE_USER.toString())
 .anyRequest().authenticated()
 )
- .addFilter(corsConfig.corsFilter())
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
+
 return http.build();
 }
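Review bot: The new `.cors(...)` line in securityFilterChain wires credentialed cross-origin access (CorsConfig sets `setAllowCredentials(true)`) into a chain that also has `.csrf(AbstractHttpConfigurer::disable)` and, in the following hunk, `SessionCreationPolicy.IF_REQUIRED`. If authentication is carried by the session cookie, which this patch does not show, state-changing requests have no CSRF token check, and CORS does not stop cross-site form posts because browsers send those without a preflight. Either keep CSRF protection for cookie-authenticated routes, or record the reason on the `.csrf(...)` line, for example `// CSRF disabled: requests authenticate with a bearer header, never with cookies`, if that is in fact the case. The method body starts before and continues past this hunk, so the authentication mechanism should be confirmed against the full file.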