From 2de2338eaa4da586015c9efd8cff3f3a74dd2233 Mon Sep 17 00:00:00 2001
From: pywoo <kfdsy0103@naver.com>
Date: Wed, 9 Jul 2025 22:08:22 +0900
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix:=20=ED=94=84=EB=A1=A0?=
 =?UTF-8?q?=ED=8A=B8=20=EB=A1=9C=EC=BB=AC=20=ED=99=98=EA=B2=BD=20Cors=20?=
 =?UTF-8?q?=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../global/security/SecurityConfig.java         | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java b/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java
index da3f27e..a6c4d42 100644
--- a/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java
+++ b/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java
@@ -19,6 +19,9 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.withtime.be.withtimebe.domain.auth.service.query.TokenStorageQueryService;
 import org.withtime.be.withtimebe.domain.member.service.MemberQueryService;
 import org.withtime.be.withtimebe.global.security.filter.JsonLoginFilter;
@@ -62,6 +65,7 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .accessDeniedHandler(accessDeniedHandler())
                         .authenticationEntryPoint(authenticationEntryPoint())
                 )
+                .cors( cors -> cors.configurationSource(corsConfigurationSource()))
         ;
         return http.build();
     }
@@ -101,4 +105,17 @@ AccessDeniedHandler accessDeniedHandler() {
     PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
+
+    private CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.addAllowedOriginPattern("http://localhost:5173"); // 실배포 주소 나중에 추가
+        configuration.addAllowedHeader("*");
+        configuration.addAllowedMethod("*");
+        configuration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }