From 83a0f796677ed2b369545c44ebd09beb018f1b48 Mon Sep 17 00:00:00 2001
From: JaeSeo Yang <96044622+psychology50@users.noreply.github.com>
Date: Thu, 16 Nov 2023 03:05:49 +0900
Subject: [PATCH] add forwardedHeaderFilter
---
 .../io/oopy/coding/common/config/security/SecurityConfig.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java b/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
index 994b1fe..05c7224 100644
--- a/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
+++ b/src/main/java/io/oopy/coding/common/config/security/SecurityConfig.java
@@ -64,7 +64,7 @@ public AuthenticationEntryPoint authenticationEntryPoint() {
 public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
 httpSecurity.csrf(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
- .cors((cors) -> cors.configurationSource(corsConfigurationSource()))
+ .cors(httpSecurityCorsConfigurer -> corsConfigurationSource())
 .formLogin(AbstractHttpConfigurer::disable)
 .logout(AbstractHttpConfigurer::disable)
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -97,7 +97,7 @@ CorsConfigurationSource corsConfigurationSource() {
 configuration.setAllowedMethods(List.of("GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE"));
 configuration.setAllowedHeaders(List.of("*"));
 configuration.setMaxAge(3600L);
- configuration.setExposedHeaders(List.of(SET_COOKIE, AUTHORIZATION, AuthConstants.REFRESH_TOKEN.getValue()));
+ configuration.setExposedHeaders(List.of(SET_COOKIE, "accessToken", AuthConstants.REFRESH_TOKEN.getValue()));
 configuration.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
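Review bot: The new lambda on the `.cors(...)` line calls `corsConfigurationSource()` and discards the result, so the `CorsConfigurer` it receives is never given the source. Spring Security then falls back to looking up a bean named `corsConfigurationSource` (or the MVC CORS configuration), which yields the same policy only if the method in the second hunk is registered as a `@Bean`; that annotation is not visible here. Either keep the explicit wiring, `.cors(cors -> cors.configurationSource(corsConfigurationSource()))`, or make the reliance on the bean explicit with `.cors(Customizer.withDefaults())`. The `filterChain` body continues past the end of this hunk.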
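Review bot: The `setExposedHeaders` line now names the access-token header as the bare literal `"accessToken"` while the refresh-token header beside it comes from `AuthConstants`; define both in the same place so the code that writes the header and this CORS list cannot drift apart (no access-token constant is visible in this hunk, so its name is left to the author). Both token headers become readable by script on every origin this configuration allows, and `setAllowCredentials(true)` follows directly, so the allowed-origin setting, which lies outside the hunk, should be an explicit allowlist. Dropping `AUTHORIZATION` means any cross-origin client that still reads that response header will stop seeing it; confirm none does. `SET_COOKIE` in the list has no effect, because browsers never expose `Set-Cookie` to script.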