From 003c850ac23a051d4d9898a17fea3a22f249ea99 Mon Sep 17 00:00:00 2001
From: rlarlgnszx
Date: Wed, 25 Sep 2024 18:55:04 +0900
Subject: [PATCH] [fix] CORS (#351)
---
 .../app/common/config/WebSecurityConfig.java | 41 +++++++++++--------
 1 file changed, 23 insertions(+), 18 deletions(-)
diff --git a/src/main/java/org/sopt/app/common/config/WebSecurityConfig.java b/src/main/java/org/sopt/app/common/config/WebSecurityConfig.java
index 97f8dcf0..6944be42 100755
--- a/src/main/java/org/sopt/app/common/config/WebSecurityConfig.java
+++ b/src/main/java/org/sopt/app/common/config/WebSecurityConfig.java
@@ -1,6 +1,8 @@
 package org.sopt.app.common.config;
 import jakarta.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.Collections;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -12,6 +14,11 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.firewall.DefaultHttpFirewall;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 @RequiredArgsConstructor
 @EnableWebSecurity
@@ -43,7 +50,7 @@ public class WebSecurityConfig {
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .csrf(AbstractHttpConfigurer::disable)
- .cors(AbstractHttpConfigurer::disable)
+ .cors(cors-> cors.configurationSource(customconfigurationSource()))
 .httpBasic(AbstractHttpConfigurer::disable)
 .requestCache(RequestCacheConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
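Review bot: The new `.cors(...)` line sits directly under `.csrf(AbstractHttpConfigurer::disable)` and installs a policy that, per `customconfigurationSource()` in the last hunk, admits every origin, so cross-site safety now rests entirely on the API never authenticating through cookies or other ambient credentials. That assumption is not written down anywhere in the visible code; I would record it at the call, e.g. `// CORS is open to all origins: safe only while auth is header-token based and allowCredentials stays false`. If the set of front-end origins is known, listing them in `setAllowedOriginPatterns` instead of `"*"` would be tighter. The body of filterChain starts and ends outside this hunk, so how requests are authenticated cannot be confirmed from here.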
@@ -66,22 +73,20 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 return http.build();
 }
-// @Bean
-// public HttpFirewall defaultHttpFirewall() {
-// return new DefaultHttpFirewall();
-// }
+ @Bean
+ public HttpFirewall defaultHttpFirewall() {
+ return new DefaultHttpFirewall();
+ }
-// @Bean
-// public CorsConfigurationSource configurationSource() {
-// CorsConfiguration configuration = new CorsConfiguration();
-// configuration.applyPermitDefaultValues();
-// configuration.setAllowPrivateNetwork(true);
-// configuration.setAllowedHeaders(Collections.singletonList("*"));
-// configuration.setAllowedMethods(Collections.singletonList("*"));
-// configuration.setAllowedOriginPatterns(Arrays.asList("*", domain, "https://localhost:8080"));
-// configuration.setAllowCredentials(true);
-// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-// source.registerCorsConfiguration("/**", configuration);
-// return source;
-// }
+ @Bean
+ public CorsConfigurationSource customconfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedHeaders(Collections.singletonList("*"));
+ configuration.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT", "UPDATE", "OPTIONS"));
+ configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+ configuration.setAllowCredentials(false);
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
 }
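Review bot: Un-commenting `defaultHttpFirewall()` registers a `DefaultHttpFirewall` bean, which Spring Security uses in place of its default `StrictHttpFirewall`; that relaxes request validation (the strict firewall rejects URLs with encoded slashes, semicolons and similar rather than trying to normalise them) and is unrelated to the CORS fix the commit title describes. Unless a specific legitimate request was being rejected, I would drop this bean, or keep a `StrictHttpFirewall` and relax only the single check that was needed, with a comment saying why. Separately, the allowed-method list in `customconfigurationSource()` contains `"UPDATE"`, which is not an HTTP method, and omits `"PATCH"`, so a cross-origin PATCH preflight would presumably be refused: `configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));`.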