diff --git a/src/backend/Eyesee/src/main/java/com/fortune/eyesee/config/SecurityConfig.java b/src/backend/Eyesee/src/main/java/com/fortune/eyesee/config/SecurityConfig.java index 5e09e2a..314ba85 100644 --- a/src/backend/Eyesee/src/main/java/com/fortune/eyesee/config/SecurityConfig.java +++ b/src/backend/Eyesee/src/main/java/com/fortune/eyesee/config/SecurityConfig.java @@ -6,6 +6,11 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.List; @Configuration public class SecurityConfig { @@ -13,7 +18,8 @@ public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http - .csrf(csrf -> csrf.disable()) // CSRF 비활성화 (필요시 활성화 가능) + .cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가 + .csrf(csrf -> csrf.disable()) // CSRF 비활성화 (필요시 활성화 가능) .authorizeHttpRequests(auth -> auth .requestMatchers("/api/admin/signup", "/api/admin/login").permitAll() // 회원가입, 로그인은 인증 필요 없음 .anyRequest().permitAll() // 나머지 요청도 인증 필요 없음 @@ -23,8 +29,21 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti return http.build(); } + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins(List.of("http://example.com", "http://localhost:3000")); // 허용할 도메인 설정 + configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 허용할 HTTP 메서드 + configuration.setAllowedHeaders(List.of("*")); // 모든 헤더 허용 + configuration.setAllowCredentials(true); // 인증 정보 포함 여부 + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } + @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } -} \ No newline at end of file +}