From 5e04adb27849a4764119657deb8e716b74c30427 Mon Sep 17 00:00:00 2001 From: amm0124 Date: Tue, 12 Nov 2024 19:54:28 +0900 Subject: [PATCH] =?UTF-8?q?feat=20:=20cors=20=EC=84=A4=EC=A0=95=20-=20reac?= =?UTF-8?q?t=203000=EB=B2=88=20=ED=8F=AC=ED=8A=B8=20-=20=EB=8F=84=EB=A9=94?= =?UTF-8?q?=EC=9D=B8(=ED=94=84=EB=A1=A0=ED=8A=B8)=20=EB=B0=8F=20=EC=84=9C?= =?UTF-8?q?=EB=B8=8C=EB=8F=84=EB=A9=94=EC=9D=B8(=EB=B0=B1=EC=97=94?= =?UTF-8?q?=EB=93=9C)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../domain/auth/config/CorsConfig.java | 36 +++++++++++++++++++ .../domain/auth/config/SecurityConfig.java | 14 ++++++-- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 src/main/java/poomasi/domain/auth/config/CorsConfig.java diff --git a/src/main/java/poomasi/domain/auth/config/CorsConfig.java b/src/main/java/poomasi/domain/auth/config/CorsConfig.java new file mode 100644 index 00000000..fe09e981 --- /dev/null +++ b/src/main/java/poomasi/domain/auth/config/CorsConfig.java 
@@ -0,0 +1,36 @@ +package poomasi.domain.auth.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; + +@Configuration +public class CorsConfig { + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration config = new CorsConfiguration(); + + // 허용할 origin 목록 설정 + config.setAllowedOrigins(Arrays.asList( + "https://localhost:3000", + "https://poomasi.shop", + "https://*.poomasi.shop" + )); + + config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE")); + config.setAllowedHeaders(Arrays.asList("*")); + config.setAllowCredentials(true); + config.setExposedHeaders(Arrays.asList("Set-Cookie", "Authorization")); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", config); // 모든 경로에 대해 적용 + + return source; + } +} + diff --git a/src/main/java/poomasi/domain/auth/config/SecurityConfig.java b/src/main/java/poomasi/domain/auth/config/SecurityConfig.java index c2a3f1a5..77fb6413 100644 --- a/src/main/java/poomasi/domain/auth/config/SecurityConfig.java +++ b/src/main/java/poomasi/domain/auth/config/SecurityConfig.java @@ -1,6 +1,8 @@ package poomasi.domain.auth.config; +import jakarta.servlet.http.HttpServletRequest; import lombok.AllArgsConstructor; +import lombok.RequiredArgsConstructor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
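Review bot: In `corsConfigurationSource()`, the entry `"https://*.poomasi.shop"` is passed to `setAllowedOrigins`, which compares origins literally (only a bare `*` is treated specially), so no backend subdomain will ever match it. Wildcard hosts belong in `setAllowedOriginPatterns`, e.g. `config.setAllowedOriginPatterns(Arrays.asList("https://poomasi.shop", "https://*.poomasi.shop"));`. Because `setAllowCredentials(true)` is set, every host under that pattern could then send credentialed requests, so listing the exact subdomains is the tighter choice. `https://localhost:3000` is allowed with credentials in every environment; moving it to a dev-only profile or property keeps it out of production, and a React dev server usually serves `http://`, so the `https` form may never match (worth confirming). `Set-Cookie` in `setExposedHeaders` has no effect, because browsers never expose that header to scripts.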
@@ -18,6 +20,9 @@ import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import poomasi.domain.auth.security.filter.CustomUsernamePasswordAuthenticationFilter; import poomasi.domain.auth.security.filter.JwtAuthenticationFilter; import poomasi.domain.auth.security.handler.CustomSuccessHandler; @@ -26,6 +31,9 @@ import poomasi.domain.auth.security.userdetail.UserDetailsServiceImpl; import poomasi.domain.auth.token.util.JwtUtil; +import java.util.Arrays; +import java.util.Collections; + @AllArgsConstructor @Configuration @@ -38,6 +46,7 @@ public class SecurityConfig { private final MvcRequestMatcher.Builder mvc; private final CustomSuccessHandler customSuccessHandler; private final UserDetailsServiceImpl userDetailsService; + private final CorsConfigurationSource corsConfigurationSource; @Autowired private OAuth2UserDetailServiceImpl oAuth2UserDetailServiceImpl; @@ -60,8 +69,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti //csrf 해제 http.csrf(AbstractHttpConfigurer::disable); - //cors 해제 - http.cors(AbstractHttpConfigurer::disable); + //cors 설정 + http.cors(cors -> cors + .configurationSource(corsConfigurationSource)); //세션 해제 http.sessionManagement((session) -> session
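Review bot: The new `http.cors(cors -> cors.configurationSource(corsConfigurationSource))` call sits directly under `http.csrf(AbstractHttpConfigurer::disable)`, and the origin allow-list is not a substitute for CSRF protection: CORS controls which origins may read responses, not which sites can send simple requests. The injected source sets `setAllowCredentials(true)` and lists `Set-Cookie`, which suggests that some credential may travel as a cookie; if so, keeping CSRF disabled needs an explicit justification, such as SameSite cookies or tokens accepted only from the `Authorization` header. I would at least record the assumption next to the call, e.g. `// CSRF disabled: auth is accepted only via the Authorization header, never from cookies (confirm)`. The body of `securityFilterChain` continues outside this hunk, so how the JWT is actually read is not visible here.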