Skip to content

Commit 3cc973f

Browse files
authored
Merge pull request #13 from DevKor-github/feature/cors
feat: CORS 설정 추가
2 parents e2b3de5 + 335d266 commit 3cc973f

2 files changed

Lines changed: 41 additions & 2 deletions

File tree

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
package com.ODG.ODG_back.security.config;
2+
3+
import org.springframework.context.annotation.Bean;
4+
import org.springframework.context.annotation.Configuration;
5+
import org.springframework.web.cors.CorsConfiguration;
6+
import org.springframework.web.cors.CorsConfigurationSource;
7+
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
8+
import java.util.Arrays;
9+
10+
@Configuration
11+
public class CorsConfig {
12+
13+
@Bean
14+
public CorsConfigurationSource corsConfigurationSource() {
15+
CorsConfiguration configuration = new CorsConfiguration();
16+
17+
// 프론트 연동 후 localhost 부분 삭제 필수
18+
configuration.setAllowedOriginPatterns(Arrays.asList(
19+
"http://localhost:*",
20+
"https://localhost:*",
21+
"https://o-digo.com"
22+
));
23+
24+
configuration.setAllowedMethods(Arrays.asList(
25+
"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"
26+
));
27+
configuration.setAllowedHeaders(Arrays.asList("*"));
28+
configuration.setAllowCredentials(true);
29+
configuration.setExposedHeaders(Arrays.asList(
30+
"Authorization", "Content-Disposition"
31+
));
32+
configuration.setMaxAge(3600L);
33+
34+
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
35+
source.registerCorsConfiguration("/**", configuration);
36+
return source;
37+
}
38+
}

src/main/java/com/ODG/ODG_back/security/config/SecurityConfig.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,25 +4,26 @@
44
import lombok.RequiredArgsConstructor;
55
import org.springframework.context.annotation.Bean;
66
import org.springframework.context.annotation.Configuration;
7-
import org.springframework.security.config.Customizer;
87
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
98
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
109
import org.springframework.security.config.http.SessionCreationPolicy;
1110
import org.springframework.security.web.SecurityFilterChain;
1211
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
12+
import org.springframework.web.cors.CorsConfigurationSource;
1313

1414
@Configuration
1515
@EnableWebSecurity
1616
@RequiredArgsConstructor
1717
public class SecurityConfig {
1818

1919
private final JwtTokenFilter jwtTokenFilter;
20+
private final CorsConfigurationSource corsConfigurationSource;
2021

2122
@Bean
2223
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
2324
return http
2425
.csrf(csrf -> csrf.disable())
25-
.cors(Customizer.withDefaults())
26+
.cors(cors -> cors.configurationSource(corsConfigurationSource))
2627
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
2728
.authorizeHttpRequests(auth -> auth
2829
.requestMatchers("/swagger-ui/**",

0 commit comments

Comments
 (0)