Skip to content

Commit

Permalink
Merge pull request #57 from devocean-finut/develop
Browse files Browse the repository at this point in the history 
Develop
  • Loading branch information
@plum-king
plum-king authored Nov 14, 2024
2 parents f41f5b2 + 489dfb4 commit 9879e6e
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 0 deletions.
18 changes: 18 additions & 0 deletions src/main/java/com/finut/finut_server/config/CorsMvcConfig.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
package com.finut.finut_server.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsMvcConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry corsRegistry) {
corsRegistry.addMapping("/**")
.allowedOrigins("http://localhost:3000")
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")
.allowedHeaders("Authorization", "Content-Type")
.exposedHeaders("Authorization")
.allowCredentials(true);
}
}
19 changes: 19 additions & 0 deletions src/main/java/com/finut/finut_server/config/SecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,11 @@
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

@Configuration
public class SecurityConfig {
Expand Down Expand Up @@ -47,6 +52,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, CustomOAuth2Us
.logoutSuccessUrl("/") // μž„μ‹œ
)
.csrf(AbstractHttpConfigurer::disable) // post μš”μ²­μ„ μœ„ν•œ csrf disable
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.headers(headers -> headers.frameOptions(frameOptions -> frameOptions.sameOrigin()));
return http.build();
}
Expand All @@ -72,4 +78,17 @@ public CustomOAuth2UserService customOAuth2UserService(UsersRepository userRepos
customOAuth2UserService.setAuthorizedClientService(authorizedClientService);
return customOAuth2UserService;
}

@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000")); // ν”„λ‘ νŠΈμ—”λ“œ 도메인
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")); // ν—ˆμš©ν•  HTTP λ©”μ„œλ“œ
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type")); // ν—ˆμš©ν•  헀더
configuration.setExposedHeaders(Arrays.asList("Authorization")); // μ‘λ‹΅μ—μ„œ λ…ΈμΆœν•  헀더
configuration.setAllowCredentials(true); // 자격 증λͺ… 포함 μš”μ²­ ν—ˆμš©
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration); // λͺ¨λ“  κ²½λ‘œμ— λŒ€ν•΄ CORS μ„€μ • 적용
return source;
}
}

0 comments on commit 9879e6e

Please sign in to comment.