feat : cors 설정

- react 3000번 포트 - 도메인(프론트) 및 서브도메인(백엔드)
kakao-tech-campus-2nd-step3 · Nov 12, 2024 · 5e04adb · 5e04adb
1 parent 82f13ae
commit 5e04adb
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/src/main/java/poomasi/domain/auth/config/CorsConfig.java b/src/main/java/poomasi/domain/auth/config/CorsConfig.java
@@ -0,0 +1,36 @@
+package poomasi.domain.auth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+
+        // 허용할 origin 목록 설정
+        config.setAllowedOrigins(Arrays.asList(
+                "https://localhost:3000",
+                "https://poomasi.shop",
+                "https://*.poomasi.shop"
+        ));
+
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
+        config.setAllowedHeaders(Arrays.asList("*"));
+        config.setAllowCredentials(true);
+        config.setExposedHeaders(Arrays.asList("Set-Cookie", "Authorization"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config); // 모든 경로에 대해 적용
+
+        return source;
+    }
+}
+
diff --git a/src/main/java/poomasi/domain/auth/config/SecurityConfig.java b/src/main/java/poomasi/domain/auth/config/SecurityConfig.java
@@ -1,6 +1,8 @@
 package poomasi.domain.auth.config;
 
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,6 +20,9 @@
 import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import poomasi.domain.auth.security.filter.CustomUsernamePasswordAuthenticationFilter;
 import poomasi.domain.auth.security.filter.JwtAuthenticationFilter;
 import poomasi.domain.auth.security.handler.CustomSuccessHandler;
@@ -26,6 +31,9 @@
 import poomasi.domain.auth.security.userdetail.UserDetailsServiceImpl;
 import poomasi.domain.auth.token.util.JwtUtil;
 
+import java.util.Arrays;
+import java.util.Collections;
+
 
 @AllArgsConstructor
 @Configuration
@@ -38,6 +46,7 @@ public class SecurityConfig {
     private final MvcRequestMatcher.Builder mvc;
     private final CustomSuccessHandler customSuccessHandler;
     private final UserDetailsServiceImpl userDetailsService;
+    private final CorsConfigurationSource corsConfigurationSource;
 
     @Autowired
     private OAuth2UserDetailServiceImpl oAuth2UserDetailServiceImpl;
@@ -60,8 +69,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         //csrf 해제
         http.csrf(AbstractHttpConfigurer::disable);
 
-        //cors 해제
-        http.cors(AbstractHttpConfigurer::disable);
+        //cors 설정
+        http.cors(cors -> cors
+                .configurationSource(corsConfigurationSource));
 
         //세션 해제
         http.sessionManagement((session) -> session