diff --git a/README.md b/README.md index 7cee267..a5443e0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Team9_BE -9조 백엔드 +9조 백엔드 ## 백엔드 역할 분담 diff --git a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java index 41d97d2..0c3a8a2 100644 --- a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java +++ b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java @@ -4,6 +4,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -71,8 +72,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.sessionManagement((session) -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS)); http.cors((cors) -> cors.configurationSource(corsConfigurationSource())); + http.authorizeHttpRequests((authorize) -> authorize + .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() .requestMatchers( "/swagger-ui/**", "/swagger-resources", @@ -98,7 +101,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { @Bean public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http//localhost:3000")); + configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http://localhost:3000")); configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers")); configuration.setAllowCredentials(true);