[FIX] cors 설정 변경

Open-Eye-Im-Developer · Feb 19, 2024 · 5d32956 · 5d32956
1 parent ab97c06
commit 5d32956
Showing 1 changed file with 17 additions and 10 deletions.
diff --git a/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java b/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
@@ -5,7 +5,6 @@
 import io.oeid.mogakgo.domain.auth.jwt.JwtAuthenticationFilter;
 import io.oeid.mogakgo.domain.auth.oauth.GithubOAuth2UserService;
 import io.oeid.mogakgo.domain.auth.oauth.OAuth2AuthenticationSuccessHandler;
-import java.util.Collections;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -19,6 +18,8 @@
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 @EnableWebSecurity
 @Configuration
@@ -46,15 +47,6 @@ public SecurityConfig(GithubOAuth2UserService oAuth2UserService,
     SecurityFilterChain filterChainApi(HttpSecurity http) throws Exception {
         configureCommonSecuritySettings(http);
         return http
-            .cors(corsCustomizer -> corsCustomizer.configurationSource(request -> {
-                CorsConfiguration config = new CorsConfiguration();
-                config.setAllowedOrigins(Collections.singletonList("*"));
-                config.setAllowedMethods(Collections.singletonList("*"));
-                config.setAllowCredentials(true);
-                config.setAllowedHeaders(Collections.singletonList("*"));
-                config.setMaxAge(3600L); //1시간
-                return config;
-            }))
             .securityMatchers(matchers -> matchers.requestMatchers("/api/**"))
             .sessionManagement(
                 management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
@@ -67,6 +59,20 @@ SecurityFilterChain filterChainApi(HttpSecurity http) throws Exception {
             .build();
     }
 
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.addAllowedOrigin("*");
+        configuration.addAllowedHeader("*");
+        configuration.addAllowedMethod("*");
+        configuration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
     @Bean
     public SecurityFilterChain filterChainOAuth2(HttpSecurity http) throws Exception {
         configureCommonSecuritySettings(http);
@@ -81,6 +87,7 @@ public SecurityFilterChain filterChainOAuth2(HttpSecurity http) throws Exception
 
     private void configureCommonSecuritySettings(HttpSecurity httpSecurity) throws Exception {
         httpSecurity
+            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
             .httpBasic(AbstractHttpConfigurer::disable)
             .csrf(AbstractHttpConfigurer::disable)
             .formLogin(AbstractHttpConfigurer::disable)