Skip to content

Commit 670ffd4

Browse files
feat: cors 설정 추가 (#54)
1 parent 7c7a583 commit 670ffd4

4 files changed

Lines changed: 50 additions & 2 deletions

File tree

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
package org.devkor.apu.saerok_server.global.security;
2+
3+
import lombok.Getter;
4+
import lombok.Setter;
5+
import org.springframework.boot.context.properties.ConfigurationProperties;
6+
import org.springframework.stereotype.Component;
7+
8+
import java.util.List;
9+
10+
@Component
11+
@Getter
12+
@Setter
13+
@ConfigurationProperties(prefix = "cors")
14+
public class CorsProperties {
15+
16+
private List<String> allowedOrigins;
17+
}

src/main/java/org/devkor/apu/saerok_server/global/security/SecurityConfig.java

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package org.devkor.apu.saerok_server.global.security;
22

33
import lombok.RequiredArgsConstructor;
4+
import lombok.extern.slf4j.Slf4j;
45
import org.springframework.context.annotation.Bean;
56
import org.springframework.context.annotation.Configuration;
67
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -9,7 +10,13 @@
910
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
1011
import org.springframework.security.web.SecurityFilterChain;
1112
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
13+
import org.springframework.web.cors.CorsConfiguration;
14+
import org.springframework.web.cors.CorsConfigurationSource;
15+
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
1216

17+
import java.util.List;
18+
19+
@Slf4j
1320
@Configuration
1421
@EnableWebSecurity
1522
@EnableMethodSecurity
@@ -23,6 +30,7 @@ public class SecurityConfig {
2330
private final JwtAuthenticationFilter jwtAuthenticationFilter;
2431
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
2532
private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
33+
private final CorsProperties corsProperties;
2634

2735
@Bean
2836
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
@@ -39,6 +47,22 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
3947
.anyRequest().permitAll() // 일단 HTTP 레벨에서는 다 들여보내고, 메서드별 애노테이션으로 권한 설정
4048
)
4149
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
50+
.cors(cors -> {})
4251
.build();
4352
}
53+
54+
@Bean
55+
public CorsConfigurationSource corsConfigurationSource() {
56+
CorsConfiguration config = new CorsConfiguration();
57+
config.setAllowedOrigins(corsProperties.getAllowedOrigins());
58+
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
59+
config.setAllowedHeaders(List.of("*"));
60+
config.setAllowCredentials(true);
61+
62+
log.info("cors allowed origins: {}", corsProperties.getAllowedOrigins());
63+
64+
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
65+
source.registerCorsConfiguration("/**", config);
66+
return source;
67+
}
4468
}

src/main/resources/application-dev.yml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,4 +44,8 @@ kakao:
4444

4545
app:
4646
cookie:
47-
secure: true
47+
secure: true
48+
49+
cors:
50+
allowed-origins:
51+
- http://localhost:3000

src/main/resources/application-local.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,4 +46,7 @@ kakao:
4646

4747
app:
4848
cookie:
49-
secure: false
49+
secure: false
50+
51+
cors:
52+
allowed-origins: []

0 commit comments

Comments
 (0)