🐛 CORS 오류 수정

- 배포 시 발생하는 CORS 오류를 수정하였습니다.
GDSC-snowflowerthon · Jan 12, 2024 · ff40441 · ff40441
1 parent 6a5a127
commit ff40441
Showing 1 changed file with 28 additions and 8 deletions.
diff --git a/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/SecurityConfig.java b/src/main/java/com/committers/snowflowerthon/committersserver/auth/config/SecurityConfig.java
@@ -9,9 +9,14 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
@@ -41,9 +46,24 @@ public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
+    CorsConfigurationSource corsConfigurationSource() {
+        return request -> {
+            CorsConfiguration config = new CorsConfiguration();
+            config.setAllowedHeaders(Collections.singletonList("*"));
+            config.setAllowedMethods(Collections.singletonList("*"));
+            config.setAllowedOriginPatterns(Collections.singletonList("http://localhost:3000"));
+            config.setAllowedOriginPatterns(Collections.singletonList("https://kidari.site"));
+            config.setAllowedOriginPatterns(Collections.singletonList("https://kidari.site:3000"));
+            config.setAllowCredentials(true);
+            return config;
+        };
+    }
+
     @Bean
     protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+                .httpBasic(HttpBasicConfigurer::disable)
+                .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
                 .csrf(AbstractHttpConfigurer::disable)
                 .formLogin(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests((authorizeRequests) -> {
@@ -56,7 +76,7 @@ protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .addFilterBefore(new JwtExceptionFilter(), JwtFilter.class) // JwtExceptionFilter를 JwtFilter 앞에 추가
 
                 .logout(log -> log
-                        .logoutUrl("/api/logout")
+                        .logoutUrl("/logout")
                         .logoutSuccessHandler(new CustomLogoutSuccessHandler())
                 )
                 // OAuth 2.0 로그인 설정 시작
@@ -77,11 +97,11 @@ protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http.build();
     }
 
-    public class CorsConfigurer extends AbstractHttpConfigurer<CorsConfigurer, HttpSecurity> {
-        @Override
-        public void configure(HttpSecurity http) throws Exception {
-            http
-                    .addFilter(corsConfig.corsFilter());
-        }
-    }
+//    public class CorsConfigurer extends AbstractHttpConfigurer<CorsConfigurer, HttpSecurity> {
+//        @Override
+//        public void configure(HttpSecurity http) throws Exception {
+//            http
+//                    .addFilter(corsConfig.corsFilter());
+//        }
+//    }
 }