From afc9f76cf11d310945fa3272c492489b1786dde0 Mon Sep 17 00:00:00 2001 From: Jung-kr Date: Tue, 1 Jul 2025 17:46:46 +0900 Subject: [PATCH] =?UTF-8?q?chore:=20cors=20=EC=84=A4=EC=A0=95=20security?= =?UTF-8?q?=20config=20=ED=8C=8C=EC=9D=BC=EB=A1=9C=20=ED=86=B5=EC=9D=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../backend/global/config/CorsConfig.java | 27 ------------------- .../backend/global/config/SecurityConfig.java | 8 +++--- 2 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 src/main/java/dev/codehouse/backend/global/config/CorsConfig.java diff --git a/src/main/java/dev/codehouse/backend/global/config/CorsConfig.java b/src/main/java/dev/codehouse/backend/global/config/CorsConfig.java deleted file mode 100644 index e05c1b6..0000000 --- a/src/main/java/dev/codehouse/backend/global/config/CorsConfig.java +++ /dev/null @@ -1,27 +0,0 @@ -package dev.codehouse.backend.global.config; - -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.servlet.config.annotation.CorsRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; - -@Configuration -public class CorsConfig { - - @Value("${cors.allowed-origins}") - private String allowedOrigins; - - @Bean - public WebMvcConfigurer corsConfigurer() { - return new WebMvcConfigurer() { - @Override - public void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**") - .allowedOrigins(allowedOrigins.replace(" ", "").split(",")) - .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS") - .allowCredentials(true); - } - }; - } -} diff --git a/src/main/java/dev/codehouse/backend/global/config/SecurityConfig.java b/src/main/java/dev/codehouse/backend/global/config/SecurityConfig.java index 2ade635..db20995 100644 --- a/src/main/java/dev/codehouse/backend/global/config/SecurityConfig.java +++ b/src/main/java/dev/codehouse/backend/global/config/SecurityConfig.java @@ -2,6 +2,7 @@ import dev.codehouse.backend.global.security.JwtAuthenticationFilter; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; @@ -20,11 +21,12 @@ @RequiredArgsConstructor public class SecurityConfig { + @Value("${cors.allowed-origins}") + private String allowedOrigins; private final JwtAuthenticationFilter jwtAuthenticationFilter; + @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - //임시 설정 -// http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); http.csrf(AbstractHttpConfigurer::disable) .cors(cors -> cors.configurationSource(corsConfigurationSource())) .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) @@ -46,7 +48,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { @Bean public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000")); + configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.replace(" ", "").split(","))); configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")); configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type")); configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));