🔧 chore: https 환경 설정 추가

Author: jiwon1217

backend/src/main/java/io/f1/backend/global/config/CorsConfig.java

@@ -12,8 +12,7 @@ public class CorsConfig {
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
 
-        config.addAllowedOrigin("http://localhost:3000"); // 개발 환경
-        config.addAllowedOrigin("http://brainrace.duckdns.org"); // 배포 환경
+        config.addAllowedOrigin("https://brainrace.duckdns.org");
 
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");

backend/src/main/java/io/f1/backend/global/config/SecurityConfig.java

@@ -11,6 +11,7 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -47,7 +48,8 @@ public SecurityFilterChain userFilterChain(HttpSecurity http) throws Exception {
                                                 "/js/**",
                                                 "/admin/login")
                                         .permitAll()
-                                        .requestMatchers("/ws/**")
+                                    .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                                    .requestMatchers("/ws/**")
                                         .authenticated()
                                         .requestMatchers("/user/me")
                                         .hasRole("USER")

backend/src/main/resources/application.yml

@@ -59,5 +59,7 @@ server:
   servlet:
     session:
       cookie:
+        same-site: None
+        secure: true
         http-only: true
-      timeout: 1800
+      timeout: 60