fix : CORS 설정 변경

Author: bumooo

api/src/main/java/com/mbtips/common/controller/HealthCheckController.java

@@ -9,7 +9,6 @@
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/health-check")
-@CrossOrigin(origins = "*", allowedHeaders = "*", methods = {RequestMethod.GET})
 @Tag(name = "L7 health-check", description = "L7 health-check API")
 public class HealthCheckController {
 

core/src/main/java/com/mbtips/common/configuration/SecurityConfiguration.java

@@ -35,7 +35,7 @@ public class SecurityConfiguration {
     @Bean
     public SecurityFilterChain configure(HttpSecurity http) throws Exception {
         return http.csrf(AbstractHttpConfigurer::disable)
-                .cors(Customizer.withDefaults())
+                .cors(cors -> cors.configurationSource(corsConfiguration()))
                 .sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
                 .formLogin(AbstractHttpConfigurer::disable)
                 .addFilterBefore(new JwtAuthenticationFilter(jwtProvider, objectMapper), UsernamePasswordAuthenticationFilter.class)
@@ -49,6 +49,7 @@ public CorsConfigurationSource corsConfiguration() {
         corsConfiguration.setAllowedOrigins(List.of(
                 "*"
         ));
+        corsConfiguration.setAllowCredentials(false);
         corsConfiguration.setAllowedHeaders(List.of("*"));
         corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH"));
         UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();