🐛 CORS 오류 수정

- 배포 시 발생하는 CORS 오류를 수정하였습니다.
GDSC-snowflowerthon · Jan 12, 2024 · 8bf8a2f · 8bf8a2f
1 parent ff40441
commit 8bf8a2f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 47 deletions.
diff --git a/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/CorsConfig.java b/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/CorsConfig.java
diff --git a/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/SecurityConfig.java b/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/SecurityConfig.java
@@ -6,6 +6,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -15,14 +16,14 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
-    private final CorsConfig corsConfig;
     private final JwtFilter jwtFilter;
     private final OAuth2SuccessHandler successHandler;
     private final CustomOAuth2UserService customOAuth2UserService;
@@ -46,24 +47,27 @@ public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
-    CorsConfigurationSource corsConfigurationSource() {
-        return request -> {
-            CorsConfiguration config = new CorsConfiguration();
-            config.setAllowedHeaders(Collections.singletonList("*"));
-            config.setAllowedMethods(Collections.singletonList("*"));
-            config.setAllowedOriginPatterns(Collections.singletonList("http://localhost:3000"));
-            config.setAllowedOriginPatterns(Collections.singletonList("https://kidari.site"));
-            config.setAllowedOriginPatterns(Collections.singletonList("https://kidari.site:3000"));
-            config.setAllowCredentials(true);
-            return config;
-        };
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedHeaders(Collections.singletonList("*"));
+        config.setAllowedMethods(Collections.singletonList("*"));
+        config.addAllowedOriginPattern("http://localhost:3000");
+        config.addAllowedOriginPattern("https://kidari.site");
+        config.addAllowedOriginPattern("https://kidari.site:3000");
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
     }
 
     @Bean
     protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .httpBasic(HttpBasicConfigurer::disable)
-                .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
+                .cors(Customizer.withDefaults())
                 .csrf(AbstractHttpConfigurer::disable)
                 .formLogin(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests((authorizeRequests) -> {