Merge pull request #197 from cathaaaaand/dev

fix: cors 수정
cathaaaaand · May 13, 2024 · f657ac1 · f657ac1
2 parents 6fb4dad + ceeae5b
commit f657ac1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 37 deletions.
diff --git a/src/main/java/dnaaaaahtac/wooriforei/domain/auth/controller/AuthController.java b/src/main/java/dnaaaaahtac/wooriforei/domain/auth/controller/AuthController.java
@@ -40,13 +40,15 @@ public ResponseEntity<CommonResponse<LoginResponseDTO>> login(
         LoginResponseDTO loginResponseDTO = authService.login(requestDTO);
         String jwtToken = jwtUtil.createToken(loginResponseDTO.getUserId().toString());
 
+/*
         // 토큰을 쿠키에 저장
         Cookie authCookie = new Cookie("Authorization", jwtToken);
         authCookie.setHttpOnly(true); // 쿠키를 HTTP 통신에서만 사용하도록 설정
         authCookie.setSecure(true); // HTTPS를 통해서만 쿠키 전송
         authCookie.setPath("/"); // 쿠키가 전송되는 경로
         authCookie.setMaxAge(7 * 24 * 60 * 60); // 쿠키의 만료 시간 설정 (예: 7일)
         response.addCookie(authCookie); // 응답에 쿠키 추가
+*/
 
         response.setHeader(HttpHeaders.AUTHORIZATION, jwtToken);
 

diff --git a/src/main/java/dnaaaaahtac/wooriforei/global/config/WebSecurityConfig.java b/src/main/java/dnaaaaahtac/wooriforei/global/config/WebSecurityConfig.java
@@ -6,7 +6,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -16,10 +15,6 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-
-import java.util.Arrays;
-import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
@@ -40,42 +35,11 @@ public JwtAuthorizationFilter jwtAuthorizationFilter() {
         return new JwtAuthorizationFilter(jwtUtil, userDetailsService);
     }
 
-/*    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowCredentials(true);
-        configuration.setAllowedOrigins(Collections.singletonList("*")); // 모든 출처 허용
-        configuration.setAllowedMethods(Collections.singletonList("*")); // 모든 메서드 허용
-        configuration.setAllowedHeaders(Collections.singletonList("*")); // 모든 헤더 허용
-        configuration.addExposedHeader("Authorization");
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-
-        return source;
-    }*/
-
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
                 .csrf(AbstractHttpConfigurer::disable)
-                .cors(corsCustomize -> corsCustomize.configurationSource(request -> {
-                    CorsConfiguration config = new CorsConfiguration();
-                    config.setAllowCredentials(true);
-                    config.setAllowedOriginPatterns(Arrays.asList(
-                            "https://www.wooriforei.info",
-                            "https://cat.wooriforei.info",
-                            "http://localhost:3000"
-                    ));
-                    config.addAllowedMethod(HttpMethod.OPTIONS);
-                    config.addAllowedMethod(HttpMethod.GET);
-                    config.addAllowedMethod(HttpMethod.POST);
-                    config.addAllowedMethod(HttpMethod.PUT);
-                    config.addAllowedMethod(HttpMethod.DELETE);
-                    config.addAllowedHeader("Authorization, Content-Type, Accept");
-                    config.setMaxAge(3600L);
-                    return config;
-                }))
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/api/schedulers/**").authenticated()