From c192ffca13c30d5fea403bc24187851f8842aafe Mon Sep 17 00:00:00 2001 From: eom-tae-in Date: Fri, 16 Aug 2024 17:44:15 +0900 Subject: [PATCH] =?UTF-8?q?refactor:=20CORS=20=EC=84=A4=EC=A0=95=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/atwoz/global/config/filter/CorsCustomFilter.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java index ebeaaa23..196b003a 100644 --- a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java +++ b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java @@ -19,9 +19,10 @@ protected void doFilterInternal(final HttpServletRequest request, final FilterChain filterChain) throws ServletException, IOException { response.setHeader("Access-Control-Allow-Origin", ALLOWED_ORIGIN_ADDRESS); response.setHeader("Access-Control-Allow-Credentials", "true"); - response.setHeader("Access-Control-Allow-Methods", "*"); + response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS"); response.setHeader("Access-Control-Max-Age", "3600"); - response.setHeader("Access-Control-Allow-Headers", "*"); + response.setHeader("Access-Control-Allow-Headers", + "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization"); ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(request); ContentCachingResponseWrapper contentCachingResponseWrapper = new ContentCachingResponseWrapper(response);