Skip to content

Commit

Permalink
[MERGE] Cors 처리 (#351) (#354)
Browse files Browse the repository at this point in the history
  • Loading branch information
@rlarlgnszx
rlarlgnszx authored Sep 25, 2024
2 parents 7581a70 + 52a81f6 commit 194b6d4
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions src/main/java/org/sopt/app/common/config/WebSecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
Expand All @@ -22,7 +23,8 @@
@EnableWebSecurity
@Configuration
public class WebSecurityConfig {

@Value("${app.base.url}")
private String domain;
private static final String[] SwaggerPatterns = {
"/docs/**",
"/swagger-resources/**",
Expand All @@ -47,7 +49,7 @@ public class WebSecurityConfig {
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.cors(cors-> cors.configurationSource(configurationSource()))
.cors(cors-> cors.configurationSource(this.configurationSource()))
.httpBasic(AbstractHttpConfigurer::disable)
.requestCache(RequestCacheConfigurer::disable)
.formLogin(AbstractHttpConfigurer::disable)
Expand Down Expand Up @@ -79,9 +81,8 @@ public HttpFirewall defaultHttpFirewall() {
public CorsConfigurationSource configurationSource() {
CorsConfiguration configuration = new CorsConfiguration();

configuration.setAllowedOriginPatterns(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE"));
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
configuration.setAllowedOriginPatterns(Arrays.asList(domain));
configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "UPDATE", "PATCH"));
configuration.setAllowCredentials(true);

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
Expand Down

0 comments on commit 194b6d4

Please sign in to comment.