Merge pull request #310 from MT-TEAM-Org/fix/cors

fix: cors 추가 및 수정

Author: Kyoungwoong

src/main/java/org/myteam/server/global/config/WebConfig.java

@@ -4,6 +4,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 
@@ -15,8 +16,8 @@
 @Configuration
 public class WebConfig {
 
-    @Value("${FRONT_URL:http://localhost:3000}")
-    private String frontUrl;
+    private final String[] ALLOWED_ORIGIN = {"http://localhost:3000", "https://main.dbbilwoxps3tu.amplifyapp.com",
+            "https://playhive.co.kr", "https://www.playhive.co.kr"};
 
     protected WebConfig() {
     }
@@ -26,8 +27,6 @@ public CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         CorsConfiguration config = new CorsConfiguration();
 
-        final String[] ALLOWED_ORIGIN = {frontUrl, "http://localhost:3000"};
-
         config.setAllowCredentials(true);
         config.setAllowedOrigins(Arrays.asList(ALLOWED_ORIGIN));
         config.addAllowedHeader("*");
@@ -41,4 +40,21 @@ public CorsFilter corsFilter() {
         // TODO: 타입 확인해보기
         return new CorsFilter(source);
     }
+
+    @Bean
+    public CorsConfigurationSource configurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.addAllowedHeader("*");
+        configuration.addAllowedMethod("*");
+        configuration.setAllowedOrigins(Arrays.asList(ALLOWED_ORIGIN));
+        configuration.setAllowCredentials(true);
+        
+        configuration.addExposedHeader(HEADER_AUTHORIZATION);
+        configuration.addExposedHeader(REFRESH_TOKEN_KEY);
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }

src/main/java/org/myteam/server/global/security/config/SecurityConfig.java

@@ -2,6 +2,7 @@
 
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
 
+import org.myteam.server.global.config.WebConfig;
 import org.myteam.server.global.security.filter.AuthenticationEntryPointHandler;
 import org.myteam.server.global.security.filter.CustomAccessDeniedHandler;
 import org.myteam.server.global.security.filter.JwtAuthenticationFilter;
@@ -183,8 +184,6 @@ public class SecurityConfig {
 		/** @brief Check Access Member */"/test/cert",
 	};
 
-	@Value("${FRONT_URL:http://localhost:3000}")
-	private String frontUrl;
 	private final JwtProvider jwtProvider;
 	private final CustomUserDetailsService customUserDetailsService;
 	private final CustomOAuth2UserService customOAuth2UserService;
@@ -193,12 +192,7 @@ public class SecurityConfig {
 	private final ApplicationEventPublisher eventPublisher;
 	private final RedisService redisService;
 	private final MemberJpaRepository memberJpaRepository;
-
-	@PostConstruct
-	public void init() {
-		log.debug("init security config");
-		log.debug("frontUrl = {}", frontUrl);
-	}
+	private final WebConfig webConfig;
 
 	@Bean
 	public BCryptPasswordEncoder passwordEncoder() {
@@ -245,7 +239,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 		//                .addFilter(webConfig.corsFilter()); // CORS 필터 추가
 
 		//        // cors 설정
-		http.cors((corsCustomizer) -> corsCustomizer.configurationSource(configurationSource()));
+		http.cors((corsCustomizer) -> corsCustomizer.configurationSource(webConfig.configurationSource()));
 
 		// 예외 처리 핸들러 설정
 		http.exceptionHandling(exceptionHandling -> exceptionHandling
@@ -287,20 +281,4 @@ public AuthenticationManager authenticationManager() {
 		return new ProviderManager(provider);
 	}
 
-	public CorsConfigurationSource configurationSource() {
-		CorsConfiguration configuration = new CorsConfiguration();
-		configuration.addAllowedHeader("*");
-		configuration.addAllowedMethod("*");
-		configuration.addAllowedOriginPattern(frontUrl); // TODO_ 추후 변경 해야함 배포시
-		configuration.addAllowedOriginPattern("http://localhost:3000"); // TODO_ 추후 변경 해야함 배포시
-		configuration.addAllowedOriginPattern("https://main.dbbilwoxps3tu.amplifyapp.com");
-		configuration.addAllowedOriginPattern("https://playhive.co.kr");
-		configuration.setAllowCredentials(true);
-		configuration.addExposedHeader(HEADER_AUTHORIZATION);
-		configuration.addExposedHeader(REFRESH_TOKEN_KEY);
-		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-		source.registerCorsConfiguration("/**", configuration);
-		return source;
-	}
-
 }