fix: 로그인 에러 수정 #102

- CSRF를 http 요청만 허용 (테스트를 위해)

Author: HYEONSIKOH

chat/src/main/java/org/example/soundlinkchat_java/global/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.example.soundlinkchat_java.global.config;
 
+import jakarta.servlet.ServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.example.soundlinkchat_java.global.auth.JwtAuthenticationFilter;
 import org.example.soundlinkchat_java.global.auth.JwtProvider;
@@ -21,6 +22,9 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+                .csrf(csrf -> csrf
+                        .requireCsrfProtectionMatcher(ServletRequest::isSecure) // HTTPS만 CSRF 보호 적용
+                )
                 .authorizeHttpRequests(auth -> auth
 //                        .requestMatchers("/api/**").permitAll()
 //                        .requestMatchers("/swagger-ui/**").permitAll()

default/src/main/java/org/dfbf/soundlink/global/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.dfbf.soundlink.global.config;
 
+import jakarta.servlet.ServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.dfbf.soundlink.global.auth.JwtAuthenticationFilter;
 import org.dfbf.soundlink.global.auth.JwtProvider;
@@ -27,6 +28,9 @@ public BCryptPasswordEncoder passwordEncoder() {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
         http
+                .csrf(csrf -> csrf
+                        .requireCsrfProtectionMatcher(ServletRequest::isSecure) // HTTPS만 CSRF 보호 적용
+                )
                 .authorizeHttpRequests(auth -> auth
 //                        .requestMatchers("/api/**").permitAll()
 //                        .requestMatchers("/swagger-ui/**").permitAll()