[FIX] CORS 처리 Nginx 위임

sopt-makers · Dec 2, 2024 · 6988e58 · 6988e58
1 parent fdb86ed
commit 6988e58
Showing 1 changed file with 33 additions and 19 deletions.
diff --git a/operation-auth/src/main/java/org/sopt/makers/operation/config/SecurityConfig.java b/operation-auth/src/main/java/org/sopt/makers/operation/config/SecurityConfig.java
@@ -19,6 +19,8 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import java.util.List;
+
 @RequiredArgsConstructor
 @EnableWebSecurity
 @Configuration
@@ -59,8 +61,9 @@ private void setHttp(HttpSecurity http) throws Exception {
         http.httpBasic().disable()
                 .csrf().disable()
                 .formLogin().disable()
-                .cors().configurationSource(corsConfigurationSource())
-                .and()
+                .cors().disable()
+//                .cors().configurationSource(corsConfigurationSource())
+//                .and()
                 .authorizeHttpRequests(authorizeHttpRequests ->
                         authorizeHttpRequests
                                 .requestMatchers(new AntPathRequestMatcher(AUTH_PATH_PATTERN)).permitAll()
@@ -74,21 +77,32 @@ private void setHttp(HttpSecurity http) throws Exception {
                 .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class);
     }
 
-    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        val configuration = new CorsConfiguration();
-
-        configuration.addAllowedOrigin(valueConfig.getADMIN_PROD_URL());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_DEV_URL());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_LOCAL_URL());
-        configuration.addAllowedHeader("*");
-        configuration.addAllowedMethod("*");
-        configuration.setAllowCredentials(true);
-
-        val source = new UrlBasedCorsConfigurationSource();
-
-        source.registerCorsConfiguration("/**", configuration);
-
-        return source;
-    }
+//    @Bean
+//    public CorsConfigurationSource corsConfigurationSource() {
+//        val configuration = new CorsConfiguration();
+//        configuration.setAllowedOrigins(List.of(
+//                valueConfig.getADMIN_PROD_URL(),
+//                valueConfig.getADMIN_DEV_URL(),
+//                valueConfig.getADMIN_LOCAL_URL()
+//        ));
+//        configuration.setAllowedMethods(List.of("HEAD", "GET", "POST", "PUT", "DELETE", "OPTIONS"));
+//        configuration.setAllowedHeaders(List.of(
+//                "Authorization",
+//                "Cache-Control",
+//                "Content-Type",
+//                "Accept"));
+//        configuration.setExposedHeaders(List.of("Authorization","Set-Cookie"));
+////        configuration.addAllowedOrigin(valueConfig.getADMIN_PROD_URL());
+////        configuration.addAllowedOrigin(valueConfig.getADMIN_DEV_URL());
+////        configuration.addAllowedOrigin(valueConfig.getADMIN_LOCAL_URL());
+////        configuration.addAllowedHeader("*");
+////        configuration.addAllowedMethod("*");
+//        configuration.setAllowCredentials(true);
+//
+//        val source = new UrlBasedCorsConfigurationSource();
+//
+//        source.registerCorsConfiguration("/**", configuration);
+//
+//        return source;
+//    }
 }