#39 Add Cors Setting : Cors 세팅 추가

devocean-finut · Nov 14, 2024 · b5b0624 · b5b0624
1 parent 15efab9
commit b5b0624
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/src/main/java/com/finut/finut_server/config/CorsMvcConfig.java b/src/main/java/com/finut/finut_server/config/CorsMvcConfig.java
@@ -0,0 +1,18 @@
+package com.finut.finut_server.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsMvcConfig implements WebMvcConfigurer {
+    @Override
+    public void addCorsMappings(CorsRegistry corsRegistry) {
+        corsRegistry.addMapping("/**")
+                .allowedOrigins("http://localhost:3000")
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")
+                .allowedHeaders("Authorization", "Content-Type")
+                .exposedHeaders("Authorization")
+                .allowCredentials(true);
+    }
+}
diff --git a/src/main/java/com/finut/finut_server/config/SecurityConfig.java b/src/main/java/com/finut/finut_server/config/SecurityConfig.java
@@ -18,6 +18,11 @@
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 @Configuration
 public class SecurityConfig {
@@ -47,6 +52,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, CustomOAuth2Us
                                 .logoutSuccessUrl("/") // 임시
                 )
                 .csrf(AbstractHttpConfigurer::disable) // post 요청을 위한 csrf disable
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.sameOrigin()));
         return http.build();
     }
@@ -72,4 +78,17 @@ public CustomOAuth2UserService customOAuth2UserService(UsersRepository userRepos
         customOAuth2UserService.setAuthorizedClientService(authorizedClientService);
         return customOAuth2UserService;
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000")); // 프론트엔드 도메인
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD")); // 허용할 HTTP 메서드
+        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type")); // 허용할 헤더
+        configuration.setExposedHeaders(Arrays.asList("Authorization")); // 응답에서 노출할 헤더
+        configuration.setAllowCredentials(true); // 자격 증명 포함 요청 허용
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration); // 모든 경로에 대해 CORS 설정 적용
+        return source;
+    }
 }