chore: cors origin 세팅

KeunSori · Feb 9, 2025 · 7da33cb · 7da33cb
1 parent 46eadf0
commit 7da33cb
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 16 deletions.
diff --git a/src/main/java/com/keunsori/keunsoriserver/global/config/SecurityConfig.java b/src/main/java/com/keunsori/keunsoriserver/global/config/SecurityConfig.java
@@ -1,5 +1,10 @@
 package com.keunsori.keunsoriserver.global.config;
 
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.DEV_URL;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_1;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_2;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_3;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.PROD_URL;
 import static org.springframework.http.HttpHeaders.SET_COOKIE;
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -14,6 +19,7 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -39,7 +45,7 @@ public PasswordEncoder passwordEncoder() {
     public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
        http
                .cors(withDefaults())
-               .csrf(csrf -> csrf.disable())  // CSRF 비활성화
+               .csrf(AbstractHttpConfigurer::disable)  // CSRF 비활성화
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))  // 세션 사용 안함
                .authorizeHttpRequests(auth -> auth
@@ -68,13 +74,13 @@ public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
         configuration.setAllowedOriginPatterns(List.of(
-            "*"
+            LOCAL_URL_1, LOCAL_URL_2, LOCAL_URL_3, DEV_URL, PROD_URL
         ));
 
         configuration.addAllowedHeader("*");
         configuration.addAllowedMethod("*");
-        //configuration.setAllowCredentials(true);
-        configuration.addExposedHeader(SET_COOKIE);
+        configuration.setAllowCredentials(true);
+//        configuration.addExposedHeader(SET_COOKIE);
         configuration.addExposedHeader("Refresh-Token");
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

diff --git a/src/main/java/com/keunsori/keunsoriserver/global/config/WebConfig.java b/src/main/java/com/keunsori/keunsoriserver/global/config/WebConfig.java
@@ -1,22 +1,26 @@
 package com.keunsori.keunsoriserver.global.config;
 
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.DEV_URL;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_1;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_2;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.LOCAL_URL_3;
+import static com.keunsori.keunsoriserver.global.constant.EnvironmentConstant.PROD_URL;
+
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins("*")
-                //.allowedMethods("GET","POST","PUT","DELETE", "OPTIONS")
-                .allowedMethods("*")
-                //.allowedHeaders("Authorization", "Content-Type")
-                .allowedHeaders("*")
-                .exposedHeaders("Refresh-Token")
-                //.allowCredentials("true")->도메인 정해지면 활성화
-                .maxAge(3600);
-    }
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/**")
+//                .allowedOrigins(LOCAL_URL_1, LOCAL_URL_2, LOCAL_URL_3, DEV_URL, PROD_URL)
+//                .allowedMethods("*")
+//                .allowedHeaders("*")
+//                .exposedHeaders("Refresh-Token")
+//                .allowCredentials(true)
+//                .maxAge(3600);
+//    }
 }
diff --git a/src/main/java/com/keunsori/keunsoriserver/global/constant/EnvironmentConstant.java b/src/main/java/com/keunsori/keunsoriserver/global/constant/EnvironmentConstant.java
@@ -0,0 +1,12 @@
+package com.keunsori.keunsoriserver.global.constant;
+
+public class EnvironmentConstant {
+
+    public static final String LOCAL_URL_1 = "http://localhost:5173";
+    public static final String LOCAL_URL_2 = "http://localhost:5174";
+    public static final String LOCAL_URL_3 = "http://localhost:8080";
+
+    public static final String DEV_URL = "https://keun-develop.vercel.app";
+
+    public static final String PROD_URL = "https://keun-sori-web.vercel.app";
+}