
Commit bca053c

committed
refactor: CORS 해제
1 parent bc206c5 commit bca053c

1 file changed

Lines changed: 20 additions & 0 deletions


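--- a/src/main/java/com/burntoburn/easyshift/config/SecurityConfig.java
+++ b/src/main/java/com/burntoburn/easyshift/config/SecurityConfig.java
@@ -14,6 +14,11 @@
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
@@ -41,6 +46,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 http
 .csrf(AbstractHttpConfigurer::disable)
+.cors((cors) -> cors.configurationSource(corsConfigurationSource()))
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .formLogin(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
@@ -75,6 +81,20 @@ private void configureAuthorization(AuthorizeHttpRequestsConfigurer<HttpSecurity
 .anyRequest().permitAll();
 }
 
+public CorsConfigurationSource corsConfigurationSource() {
+CorsConfiguration configuration = new CorsConfiguration();
+configuration.addAllowedHeader("*"); // 모든 헤더 허용
+configuration.addAllowedMethod("*"); // 모든 HTTP 메서드 허용
+configuration.setAllowedOriginPatterns(Collections.singletonList("*")); // 모든 Origin 허용
+configuration.setAllowCredentials(true); // 인증 정보 포함 가능 (쿠키 등)
+configuration.setExposedHeaders(Collections.singletonList("Authorization")); // 🔹 응답 헤더에서 Authorization 허용
+
+UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+source.registerCorsConfiguration("/**", configuration);
+return source;
+}
+
+
 // OAuth2 login configuration
 // private void configureOAuth2Login(OAuth2LoginConfigurer<HttpSecurity> oauth2) {
 // oauth2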
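Review bot: In `corsConfigurationSource()`, `setAllowedOriginPatterns(Collections.singletonList("*"))` combined with `setAllowCredentials(true)` makes Spring echo back whatever `Origin` the request carries and mark it as credential-allowed, so every website is treated as a trusted caller for `/**`. With CSRF disabled in the same filter chain, any cookie-based credential (the inline comment mentions cookies) would be sent on cross-site requests and the response would be readable by the calling page. I would replace the wildcard with an explicit allow-list read from configuration, e.g. `configuration.setAllowedOrigins(allowedOrigins);` where `allowedOrigins` is a placeholder for a property-backed list of the front-end origins, or drop `setAllowCredentials(true)` if the API only uses bearer tokens in the `Authorization` header. Narrowing `addAllowedHeader("*")` and `addAllowedMethod("*")` to what the front end actually sends would tighten this further.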
