From e0a6245e2c25f8e642a335e8579305a8084aad8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EB=AF=BC=EC=84=9D?=
Date: Mon, 19 Aug 2024 16:51:17 +0900
Subject: [PATCH] =?UTF-8?q?feat=20:=20security=20config=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../itpick/backend/config/SecurityConfig.java | 36 ++++++++++---------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/main/java/store/itpick/backend/config/SecurityConfig.java b/src/main/java/store/itpick/backend/config/SecurityConfig.java
index 0666772..2167ff1 100644
--- a/src/main/java/store/itpick/backend/config/SecurityConfig.java
+++ b/src/main/java/store/itpick/backend/config/SecurityConfig.java
@@ -31,28 +31,30 @@ public PasswordEncoder passwordEncoder() {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
- .csrf(AbstractHttpConfigurer::disable)
+ .csrf(AbstractHttpConfigurer::disable) // CSRF 보호 비활성화
 .cors(withDefaults()) // CORS 설정 추가
- .formLogin(FormLoginConfigurer::disable)
+ .formLogin(FormLoginConfigurer::disable) // 폼 로그인 비활성화
 .sessionManagement(sessionManagement ->
- sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 세션 관리 정책 설정
 );
+
 return http.build();
 }
-// @Bean
-// public CorsFilter corsFilter() {
-// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-// CorsConfiguration config = new CorsConfiguration();
-// config.setAllowCredentials(true);
-// config.addAllowedOrigin("https://itpick.netlify.app");
-// config.addAllowedOrigin("http://localhost:3000");
-// config.addAllowedOrigin("http://localhost:5173");
-// config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
-// config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
-// config.setExposedHeaders(Arrays.asList("Authorization", "location"));
-// source.registerCorsConfiguration("/**", config);
-// return new CorsFilter(source);
-// }
+ @Bean
+ public CorsFilter corsFilter() {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ config.addAllowedOrigin("https://itpick.netlify.app");
+ config.addAllowedOrigin("http://localhost:3000");
+ config.addAllowedOrigin("http://localhost:5173");
+ config.addAllowedOrigin("https://localhost:5173");
+ config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+ config.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "Accept", "X-Requested-With"));
+ config.setExposedHeaders(Arrays.asList("Authorization", "location"));
+ source.registerCorsConfiguration("/**", config);
+ return new CorsFilter(source);
+ }
 }
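Review bot: The now-active `corsFilter()` pairs `setAllowCredentials(true)` with three hard-coded localhost origins (`http://localhost:3000`, `http://localhost:5173`, `https://localhost:5173`) that will be accepted in every environment, production included, so any page served from those ports on a user's machine is trusted for credentialed cross-origin requests. Move the list into per-profile configuration, for example `@Value("${cors.allowed-origins}") private List<String> allowedOrigins;` with `config.setAllowedOrigins(allowedOrigins);` (the property name is a placeholder), and keep only `https://itpick.netlify.app` in the production profile. Because credentials are allowed while `.csrf(AbstractHttpConfigurer::disable)` stays in `filterChain`, confirm that authentication travels only in the `Authorization` header and never in a cookie. `filterChain` as shown in this hunk also has no `authorizeHttpRequests` rules, so access control is presumably enforced elsewhere; a short comment saying where would help.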