Merge origin/main into main

k3vin7 · k3vin7 · commit 2d85defa123f · 2026-02-16T06:25:07.000+09:00
diff --git a/src/main/java/com/daramg/server/auth/config/SecurityConfig.java b/src/main/java/com/daramg/server/auth/config/SecurityConfig.java
@@ -35,6 +35,11 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()))  // 추가: h2 db 접근
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
+                        /**
+                         * CORS preflight 요청 허용
+                         */
+                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+
                         /**
                          * 인증 없이 허용할 경로
                          */
diff --git a/src/main/java/com/daramg/server/auth/filter/JwtAuthorizationFilter.java b/src/main/java/com/daramg/server/auth/filter/JwtAuthorizationFilter.java
@@ -38,6 +38,11 @@ public class JwtAuthorizationFilter extends OncePerRequestFilter {
     @Value("${cookie.access-name}")
     public String ACCESS_COOKIE_NAME;
 
+    @Override
+    protected boolean shouldNotFilter(@NotNull HttpServletRequest request) {
+        return "OPTIONS".equalsIgnoreCase(request.getMethod());
+    }
+
     @Override
     protected void doFilterInternal(@NotNull HttpServletRequest request,
                                     @NotNull HttpServletResponse response,
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -45,5 +45,7 @@ cors:
     - "https://classic-daramg.duckdns.org"
     - "https://client-amber-sigma.vercel.app"
     - "https://client-kwongeonwoos-projects.vercel.app"
+    - "https://www.classicaldaramg.com"
+    - "https://classicaldaramg.com"
     - "https://www.classicaldaramz.com"
     - "https://classicaldaramz.com"
