From e6058a376e5290a58b5416cfdaa3e8cb18f9d7e8 Mon Sep 17 00:00:00 2001 From: Seungwan Yoo Date: Mon, 10 Feb 2025 23:41:35 +0900 Subject: [PATCH] =?UTF-8?q?fix:=20CORS=20=EA=B0=9C=EB=B0=A9=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20-=20=EB=AA=A8=EB=93=A0=20=EC=B6=9C=EC=B2=98?= =?UTF-8?q?=EC=9D=98=20=EC=9A=94=EC=B2=AD=EC=97=90=20=EB=8C=80=ED=95=9C=20?= =?UTF-8?q?CORS=20=ED=97=88=EC=9A=A9=20(=EC=B6=94=ED=9B=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/auth/config/SecurityConfig.java | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java b/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java index f18463a..9b92885 100644 --- a/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java +++ b/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java @@ -18,6 +18,11 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.List; @Configuration @EnableWebSecurity @@ -34,6 +39,20 @@ public AuthenticationManager authenticationManager(final AuthenticationConfigura return configuration.getAuthenticationManager(); } + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOriginPatterns(List.of("*")); + configuration.setAllowedMethods(List.of("*")); + configuration.setAllowedHeaders(List.of("*")); + configuration.setExposedHeaders(List.of("*")); + configuration.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } + @Bean public SecurityFilterChain filterChain(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception { final CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(authenticationManager, jwtUtil); @@ -41,7 +60,7 @@ public SecurityFilterChain filterChain(final HttpSecurity http, final Authentica return http .csrf(AbstractHttpConfigurer::disable) - .cors(AbstractHttpConfigurer::disable) + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .formLogin(AbstractHttpConfigurer::disable) .httpBasic(AbstractHttpConfigurer::disable) .logout(AbstractHttpConfigurer::disable)