Skip to content

Commit 1ee96e2

Browse files
ysw789ysw789
authored
fix: CORS 개방 설정
- 모든 출처의 요청에 대한 CORS 허용 (추후 수정)
1 parent e27d591 commit 1ee96e2

File tree

1 file changed

+20
-1
lines changed

1 file changed

+20
-1
lines changed

src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,11 @@
1818
import org.springframework.security.config.http.SessionCreationPolicy;
1919
import org.springframework.security.web.SecurityFilterChain;
2020
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
21+
import org.springframework.web.cors.CorsConfiguration;
22+
import org.springframework.web.cors.CorsConfigurationSource;
23+
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
24+
25+
import java.util.List;
2126

2227
@Configuration
2328
@EnableWebSecurity
@@ -34,14 +39,28 @@ public AuthenticationManager authenticationManager(final AuthenticationConfigura
3439
return configuration.getAuthenticationManager();
3540
}
3641

42+
@Bean
43+
public CorsConfigurationSource corsConfigurationSource() {
44+
CorsConfiguration configuration = new CorsConfiguration();
45+
configuration.setAllowedOriginPatterns(List.of("*"));
46+
configuration.setAllowedMethods(List.of("*"));
47+
configuration.setAllowedHeaders(List.of("*"));
48+
configuration.setExposedHeaders(List.of("*"));
49+
configuration.setAllowCredentials(true);
50+
51+
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
52+
source.registerCorsConfiguration("/**", configuration);
53+
return source;
54+
}
55+
3756
@Bean
3857
public SecurityFilterChain filterChain(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception {
3958
final CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(authenticationManager, jwtUtil);
4059
customAuthenticationFilter.setFilterProcessesUrl("/api/auth/login");
4160

4261
return http
4362
.csrf(AbstractHttpConfigurer::disable)
44-
.cors(AbstractHttpConfigurer::disable)
63+
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
4564
.formLogin(AbstractHttpConfigurer::disable)
4665
.httpBasic(AbstractHttpConfigurer::disable)
4766
.logout(AbstractHttpConfigurer::disable)

0 commit comments

Comments
 (0)