From b5b062407900aee492eab6e65b7ae03def66751a Mon Sep 17 00:00:00 2001
From: plum-king
Date: Thu, 14 Nov 2024 23:52:02 +0900
Subject: [PATCH] =?UTF-8?q?#39=20Add=20Cors=20Setting=20:=20Cors=20?= =?UTF-8?q?=EC=84=B8=ED=8C=85=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../finut_server/config/CorsMvcConfig.java | 18 ++++++++++++++++++
 .../finut_server/config/SecurityConfig.java | 19 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/main/java/com/finut/finut_server/config/CorsMvcConfig.java
diff --git a/src/main/java/com/finut/finut_server/config/CorsMvcConfig.java b/src/main/java/com/finut/finut_server/config/CorsMvcConfig.java
new file mode 100644
index 0000000..fa2c5bb
--- /dev/null
+++ b/src/main/java/com/finut/finut_server/config/CorsMvcConfig.java
@@ -0,0 +1,18 @@
+package com.finut.finut_server.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsMvcConfig implements WebMvcConfigurer {
+ @Override
+ public void addCorsMappings(CorsRegistry corsRegistry) {
+ corsRegistry.addMapping("/**")
+ .allowedOrigins("http://localhost:3000")
+ .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")
+ .allowedHeaders("Authorization", "Content-Type")
+ .exposedHeaders("Authorization")
+ .allowCredentials(true);
+ }
+}
diff --git a/src/main/java/com/finut/finut_server/config/SecurityConfig.java b/src/main/java/com/finut/finut_server/config/SecurityConfig.java
index d82e14d..6f1627d 100644
--- a/src/main/java/com/finut/finut_server/config/SecurityConfig.java
+++ b/src/main/java/com/finut/finut_server/config/SecurityConfig.java
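Review bot: The allowed origin in `addCorsMappings` is the hard-coded development host `http://localhost:3000`, set together with `allowCredentials(true)`, and the same literal is repeated in `corsConfigurationSource()` in SecurityConfig.java. Every build of this commit, including a production one, therefore trusts whatever page is served on port 3000 of the user's own machine for credentialed requests, and a real front-end origin cannot be added without a code change. Consider reading the list from configuration, e.g. `@Value("${<cors-origins-property>}") private String[] allowedOrigins;` with `.allowedOrigins(allowedOrigins)`, and confining the localhost entry to a development profile.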
@@ -18,6 +18,11 @@
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 @Configuration
 public class SecurityConfig {
@@ -47,6 +52,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, CustomOAuth2Us
 .logoutSuccessUrl("/") // 임시
 )
 .csrf(AbstractHttpConfigurer::disable) // post 요청을 위한 csrf disable
+ .cors(cors -> cors.configurationSource(corsConfigurationSource()))
 .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.sameOrigin()));
 return http.build();
 }
@@ -72,4 +78,17 @@ public CustomOAuth2UserService customOAuth2UserService(UsersRepository userRepos
 customOAuth2UserService.setAuthorizedClientService(authorizedClientService);
 return customOAuth2UserService;
 }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000")); // 프론트엔드 도메인
+ configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")); // 허용할 HTTP 메서드
+ configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type")); // 허용할 헤더
+ configuration.setExposedHeaders(Arrays.asList("Authorization")); // 응답에서 노출할 헤더
+ configuration.setAllowCredentials(true); // 자격 증명 포함 요청 허용
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration); // 모든 경로에 대해 CORS 설정 적용
+ return source;
+ }
 }
\ No newline at end of file
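Review bot: The new `.cors(...)` line in `securityFilterChain` enables credentialed cross-origin requests directly beneath `.csrf(AbstractHttpConfigurer::disable)`, and an origin allow-list is not a substitute for CSRF protection. If the API authenticates with the session cookie set up by the OAuth2 login (the patch does not show whether it does), a cross-site form POST carries that cookie without any preflight, so the CORS policy never gets to reject it. For a cookie-authenticated front end, consider keeping CSRF on with a token the client can echo, e.g. `.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))`; if only bearer tokens in `Authorization` are accepted, a comment saying so next to the `csrf` line would record why disabling it is safe. The method body starts outside this hunk.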
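Review bot: `corsConfigurationSource()` restates the policy that this same commit also registers through `CorsMvcConfig.addCorsMappings`, so the origin, method and header lists now live in two places that must be edited together. Because `.cors(...)` in `securityFilterChain` installs this source in the security filter chain, which handles the request before Spring MVC does, the `WebMvcConfigurer` mapping looks redundant; keeping only this bean avoids the two copies drifting apart when an origin is added or removed. A short Javadoc on the bean stating that it is the single CORS policy for all paths, and that origins must be listed exactly because credentials are allowed, would make that intent explicit.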