From 121cf8a9c2ad979830032745e7ea7f05d23684e5 Mon Sep 17 00:00:00 2001
From: gaguriee <74501631+gaguriee@users.noreply.github.com>
Date: Mon, 29 Jul 2024 01:57:26 +0900
Subject: [PATCH] FIX : cors config

---
 .../config/WebSecurityConfig.java | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java b/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java
index 68f717b..bb67cf1 100644
--- a/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java
+++ b/src/main/java/com/fledge/fledgeserver/config/WebSecurityConfig.java
@@ -20,6 +20,11 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 @RequiredArgsConstructor
 @Configuration
@@ -36,7 +41,7 @@ public class WebSecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
 .csrf(AbstractHttpConfigurer::disable)
- .cors(AbstractHttpConfigurer::disable) // TODO :: 프론트 배포 뒤 CORS 설정
+ .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
 .httpBasic(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .logout(AbstractHttpConfigurer::disable)
@@ -79,4 +84,20 @@ public WebSecurityCustomizer webSecurityCustomizer() {
 .requestMatchers("/error", "/favicon.ico", "/swagger-ui/**", "/api-docs/**");
 }
 
-}
\ No newline at end of file
+
+
+ @Bean
+ CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+ configuration.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT"));
+ configuration.setAllowedHeaders(Arrays.asList("*"));
+ configuration.setAllowCredentials(true);
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
+
+}
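Review bot: `setAllowedOriginPatterns(Arrays.asList("*"))` combined with `setAllowCredentials(true)` and registered for `/**` makes Spring echo back whatever Origin a request carries and mark the response as credentialed, so every website is treated as a trusted caller of every endpoint. CSRF is also disabled in the securityFilterChain hunk, so if the session or token ever travels in a cookie, nothing else restricts which site may issue authenticated requests and read the replies. I would list the actual frontend origins instead, for example `configuration.setAllowedOrigins(Arrays.asList("<frontend-origin>"));` with the value read from per-environment configuration. If the API authenticates only through an `Authorization` header (not visible in this diff), `setAllowCredentials(true)` can be dropped. Since the removed TODO deferred this decision, a short comment above the bean naming the trusted origins and why credentials are needed would record that it has now been made.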