From 0fbe2bc3c9a0fd3bb076e56a2558d4439aa97f3d Mon Sep 17 00:00:00 2001
From: Wo-ogie
Date: Mon, 15 Apr 2024 23:47:51 +0900
Subject: [PATCH] =?UTF-8?q?chore:=20CORS=20=ED=97=88=EC=9A=A9=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../hertz/common/config/SecurityConfig.java | 26 ++++++++++++++++++-
 src/main/resources/application.properties | 3 +++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java b/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java
index ddf7eb9..94f5037 100644
--- a/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java
+++ b/src/main/java/com/ajou/hertz/common/config/SecurityConfig.java
@@ -3,8 +3,10 @@
 import static org.springframework.http.HttpMethod.*;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,6 +20,8 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 import com.ajou.hertz.common.auth.JwtAccessDeniedHandler;
 import com.ajou.hertz.common.auth.JwtAuthenticationEntryPoint;
@@ -65,12 +69,32 @@ public class SecurityConfig {
 }
 @Bean
- public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ public SecurityFilterChain securityFilterChain(
+ HttpSecurity http,
+ @Value("${hertz.web.url}") String hertzWebUrl,
+ @Value("${hertz.server.url}") String hertzServerUrl
+ ) throws Exception {
 return http
 .csrf(CsrfConfigurer::disable)
 .httpBasic(HttpBasicConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .cors(corsconfigurer -> {
+ CorsConfigurationSource corsConfigSrc = request -> {
+ CorsConfiguration corsConfig = new CorsConfiguration();
+ corsConfig.setAllowCredentials(true);
+ corsConfig.setAllowedOrigins(List.of(
+ "http://localhost", "http://localhost:8080",
+ hertzWebUrl, hertzServerUrl
+ ));
+ corsConfig.setAllowedMethods(
+ List.of(GET.name(), POST.name(), PUT.name(), DELETE.name(), PATCH.name(), OPTIONS.name()));
+ corsConfig.setAllowedHeaders(List.of("*"));
+ corsConfig.setExposedHeaders(List.of("*"));
+ return corsConfig;
+ };
+ corsconfigurer.configurationSource(corsConfigSrc);
+ })
 .authorizeHttpRequests(auth -> {
 auth.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
 auth.requestMatchers(AUTH_WHITE_PATHS).permitAll();
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index db2c01e..a32a9ad 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,6 +1,9 @@
 hertz.app-version=0.0.1
 hertz.user-default-profile-image-url=${USER_DEFAULT_PROFILE_IMAGE}
+hertz.web.url=${HERTZ_WEB_URL}
+hertz.server.url=${HERTZ_SERVER_URL}
+
 jwt.secret-key=${JWT_SECRET_KEY}
 springdoc.swagger-ui.operations-sorter=method
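Review bot: The allowed-origin list in the new `.cors(...)` block of SecurityConfig.java hard-codes `http://localhost` and `http://localhost:8080` next to `setAllowCredentials(true)`, so every environment that loads this config, production included, accepts credentialed cross-origin requests from whatever happens to be served on a user's localhost. Keeping only the configured origins, `corsConfig.setAllowedOrigins(List.of(hertzWebUrl, hertzServerUrl));`, and pointing `HERTZ_WEB_URL` at localhost for local runs would confine that trust to development. Separately, browsers treat `*` in `Access-Control-Expose-Headers` as a literal header name on credentialed requests, so `setExposedHeaders(List.of("*"))` likely exposes nothing in that case; listing the response headers the client actually reads is more reliable, and naming the accepted request headers in `setAllowedHeaders` instead of `*` would narrow the preflight as well. The body of `securityFilterChain` continues past the end of this hunk.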