[CICD] securityConfig, WebConfig 수정

Author: simhyunmin

src/main/java/fitfit/global/config/WebConfig.java

@@ -7,13 +7,4 @@
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**") // 모든 경로에 대해
-                .allowedOrigins("https://d3trbid3w75opm.cloudfront.net", "http://localhost:3000", "https://fitfit.site", "http://localhost:5173") // CloudFront와 로컬 개발 환경 허용
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*")
-                .allowCredentials(true)
-                .maxAge(3600);
-    }
 }

src/main/java/fitfit/global/security/config/SecurityConfig.java

@@ -57,11 +57,11 @@ public SecurityFilterChain filterChain (HttpSecurity http) throws Exception {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
-        config.setAllowedOrigins(List.of("*")); // 일단 전체 허용 (추후 변경 가능성 있음)
+        config.setAllowedOrigins(List.of("https://d3trbid3w75opm.cloudfront.net", "http://localhost:3000", "https://fitfit.site", "http://localhost:5173"));
         config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         config.setAllowedHeaders(List.of("*"));
-        config.setAllowCredentials(false); // 헤더에 토큰만 보내므로 false
-        config.setExposedHeaders(List.of("Authorization")); // iOS 앱에서 Authorization 헤더 읽을 수 있도록 노출
+        config.setAllowCredentials(true);
+        config.setExposedHeaders(List.of("Authorization"));
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", config);