setting: cors 설정

src/main/java/blacktokkies/toquiz/config/secure/SecurityConfig.java

@@ -10,21 +10,42 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
  private final JwtAuthenticationFilter jwtAuthFilter;
  private final AuthenticationProvider authenticationProvider;
- private final CustomAccessDeniedHandler customAccessDeniedHandler;
  private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
 
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
+ configuration.addAllowedHeader("*");
+ configuration.addAllowedMethod("*");
+ configuration.setAllowCredentials(true);
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
+
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  http
+ .httpBasic().disable()
  .csrf()
- .disable();
+ .disable()
+ .cors()
+ .configurationSource(corsConfigurationSource());
 
  http.authorizeHttpRequests()
  .requestMatchers(
@@ -37,7 +58,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
  .authenticated();
 
  http.exceptionHandling()
- .accessDeniedHandler(customAccessDeniedHandler)
  .authenticationEntryPoint(customAuthenticationEntryPoint);
 
  http.sessionManagement()