From 1cf864b3b8ea11f0b481b802271afc5b469f8b63 Mon Sep 17 00:00:00 2001
From: soomanbaek
Date: Thu, 10 Aug 2023 17:16:27 +0900
Subject: [PATCH] =?UTF-8?q?setting:=20cors=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../toquiz/config/secure/SecurityConfig.java | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/main/java/blacktokkies/toquiz/config/secure/SecurityConfig.java b/src/main/java/blacktokkies/toquiz/config/secure/SecurityConfig.java
index a8e88cf..f5284a8 100644
--- a/src/main/java/blacktokkies/toquiz/config/secure/SecurityConfig.java
+++ b/src/main/java/blacktokkies/toquiz/config/secure/SecurityConfig.java
@@ -10,6 +10,11 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Collections;
 @Configuration
 @EnableWebSecurity
@@ -17,14 +22,30 @@
 public class SecurityConfig {
 private final JwtAuthenticationFilter jwtAuthFilter;
 private final AuthenticationProvider authenticationProvider;
- private final CustomAccessDeniedHandler customAccessDeniedHandler;
 private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+
+ configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
+ configuration.addAllowedHeader("*");
+ configuration.addAllowedMethod("*");
+ configuration.setAllowCredentials(true);
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
+
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http
+ .httpBasic().disable()
 .csrf()
- .disable();
+ .disable()
+ .cors()
+ .configurationSource(corsConfigurationSource());
 http.authorizeHttpRequests()
 .requestMatchers(
@@ -37,7 +58,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .authenticated();
 http.exceptionHandling()
- .accessDeniedHandler(customAccessDeniedHandler)
 .authenticationEntryPoint(customAuthenticationEntryPoint);
 http.sessionManagement()
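Review bot: In `corsConfigurationSource()`, `setAllowedOriginPatterns(Collections.singletonList("*"))` combined with `setAllowCredentials(true)` makes Spring echo whatever `Origin` the request carries, so any website can send credentialed cross-origin requests to `/**` and read the responses. With `.csrf().disable()` in the same chain, that leaves no browser-side barrier if the JWT or a refresh token ever travels in a cookie (not visible in this hunk). Pin the origins to the known front-end instead, e.g. `configuration.setAllowedOrigins(Collections.singletonList("<FRONTEND_ORIGIN>"));` (placeholder, ideally read from configuration), and narrow `addAllowedMethod("*")` and `addAllowedHeader("*")` to what the API actually uses. `securityFilterChain` continues past the end of the hunk.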
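Review bot: Dropping `.accessDeniedHandler(customAccessDeniedHandler)` is unrelated to the CORS change named in the subject and silently changes how authorization failures are reported: with only `authenticationEntryPoint` configured, an authenticated caller who is denied access would get Spring Security's default access-denied response rather than the project's handler. Since the diffstat shows one file changed, `CustomAccessDeniedHandler` presumably stays in the tree unused. Either keep the line, or state the reason in the commit message and remove the handler class in the same change. The enclosing `securityFilterChain` starts and ends outside this hunk.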