Merge pull request #140 from minseok1015/dev

feat : security config 추가
IT-Pick · Aug 19, 2024 · 20ee737 · 20ee737
2 parents 8bcc31c + e0a6245
commit 20ee737
Showing 1 changed file with 19 additions and 17 deletions.
diff --git a/src/main/java/store/itpick/backend/config/SecurityConfig.java b/src/main/java/store/itpick/backend/config/SecurityConfig.java
@@ -31,28 +31,30 @@ public PasswordEncoder passwordEncoder() {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         http
-                .csrf(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)  // CSRF 보호 비활성화
                 .cors(withDefaults())  // CORS 설정 추가
-                .formLogin(FormLoginConfigurer::disable)
+                .formLogin(FormLoginConfigurer::disable)  // 폼 로그인 비활성화
                 .sessionManagement(sessionManagement ->
-                        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)  // 세션 관리 정책 설정
                 );
 
+
         return http.build();
     }
 
-//    @Bean
-//    public CorsFilter corsFilter() {
-//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-//        CorsConfiguration config = new CorsConfiguration();
-//        config.setAllowCredentials(true);
-//        config.addAllowedOrigin("https://itpick.netlify.app");
-//        config.addAllowedOrigin("http://localhost:3000");
-//        config.addAllowedOrigin("http://localhost:5173");
-//        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
-//        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
-//        config.setExposedHeaders(Arrays.asList("Authorization", "location"));
-//        source.registerCorsConfiguration("/**", config);
-//        return new CorsFilter(source);
-//    }
+    @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("https://itpick.netlify.app");
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("http://localhost:5173");
+        config.addAllowedOrigin("https://localhost:5173");
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
+        config.setExposedHeaders(Arrays.asList("Authorization", "location"));
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
 }