diff --git a/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java b/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java index 68f717b..bb67cf1 100644 --- a/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java +++ b/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java @@ -20,6 +20,11 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; @RequiredArgsConstructor @Configuration @@ -36,7 +41,7 @@ public class WebSecurityConfig { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .csrf(AbstractHttpConfigurer::disable) - .cors(AbstractHttpConfigurer::disable) // TODO :: 프론트 배포 뒤 CORS 설정 + .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource())) .httpBasic(AbstractHttpConfigurer::disable) .formLogin(AbstractHttpConfigurer::disable) .logout(AbstractHttpConfigurer::disable) @@ -79,4 +84,20 @@ public WebSecurityCustomizer webSecurityCustomizer() { .requestMatchers("/error", "/favicon.ico", "/swagger-ui/**", "/api-docs/**"); } -} \ No newline at end of file + + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOriginPatterns(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT")); + configuration.setAllowedHeaders(Arrays.asList("*")); + configuration.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } + +}