chore: CORS 허용 설정 추가

Ajou-Hertz · Apr 15, 2024 · 0fbe2bc · 0fbe2bc
1 parent 7370502
commit 0fbe2bc
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java b/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java
@@ -3,8 +3,10 @@
 import static org.springframework.http.HttpMethod.*;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,6 +20,8 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 
 import com.ajou.hertz.common.auth.JwtAccessDeniedHandler;
 import com.ajou.hertz.common.auth.JwtAuthenticationEntryPoint;
@@ -65,12 +69,32 @@ public class SecurityConfig {
 	}
 
 	@Bean
-	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+	public SecurityFilterChain securityFilterChain(
+		HttpSecurity http,
+		@Value("${hertz.web.url}") String hertzWebUrl,
+		@Value("${hertz.server.url}") String hertzServerUrl
+	) throws Exception {
 		return http
 			.csrf(CsrfConfigurer::disable)
 			.httpBasic(HttpBasicConfigurer::disable)
 			.formLogin(AbstractHttpConfigurer::disable)
 			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+			.cors(corsconfigurer -> {
+				CorsConfigurationSource corsConfigSrc = request -> {
+					CorsConfiguration corsConfig = new CorsConfiguration();
+					corsConfig.setAllowCredentials(true);
+					corsConfig.setAllowedOrigins(List.of(
+						"http://localhost", "http://localhost:8080",
+						hertzWebUrl, hertzServerUrl
+					));
+					corsConfig.setAllowedMethods(
+						List.of(GET.name(), POST.name(), PUT.name(), DELETE.name(), PATCH.name(), OPTIONS.name()));
+					corsConfig.setAllowedHeaders(List.of("*"));
+					corsConfig.setExposedHeaders(List.of("*"));
+					return corsConfig;
+				};
+				corsconfigurer.configurationSource(corsConfigSrc);
+			})
 			.authorizeHttpRequests(auth -> {
 				auth.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
 				auth.requestMatchers(AUTH_WHITE_PATHS).permitAll();

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -1,6 +1,9 @@
 hertz.app-version=0.0.1
 hertz.user-default-profile-image-url=${USER_DEFAULT_PROFILE_IMAGE}
 
+hertz.web.url=${HERTZ_WEB_URL}
+hertz.server.url=${HERTZ_SERVER_URL}
+
 jwt.secret-key=${JWT_SECRET_KEY}
 
 springdoc.swagger-ui.operations-sorter=method