Merge pull request #40 from goormthon-Univ/dev

[Fix] CORS 수정
9oormthon-univ · Mar 23, 2024 · bed1066 · bed1066
2 parents e58279b + a1e0b1c
commit bed1066
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 6 deletions.
diff --git a/src/main/java/com/groom/wisebab/config/CorsFilter.java b/src/main/java/com/groom/wisebab/config/CorsFilter.java
@@ -0,0 +1,44 @@
+package com.groom.wisebab.config;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) res;
+
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Methods","*");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Headers",
+                "Origin, X-Requested-With, Content-Type, Accept, Authorization");
+
+        if("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            response.setStatus(HttpServletResponse.SC_OK);
+        }else {
+            chain.doFilter(req, res);
+        }
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}
diff --git a/src/main/java/com/groom/wisebab/config/CorsMvcConfig.java b/src/main/java/com/groom/wisebab/config/CorsMvcConfig.java
@@ -11,9 +11,6 @@ public class CorsMvcConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry corsRegistry) {
 
         corsRegistry.addMapping("/**")
-                .allowedOrigins("*")
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH")
-                .allowedHeaders("*");
+                .allowedOrigins("http://localhost:3000");
     }
-
 }
diff --git a/src/main/java/com/groom/wisebab/config/SecurityConfig.java b/src/main/java/com/groom/wisebab/config/SecurityConfig.java
@@ -61,7 +61,7 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
 
                         CorsConfiguration configuration = new CorsConfiguration();
 
-                        configuration.setAllowedOrigins(Collections.singletonList("*"));
+                        configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
                         configuration.setAllowedMethods(Collections.singletonList("*"));
                         configuration.setAllowCredentials(true);
                         configuration.setAllowedHeaders(Collections.singletonList("*"));
@@ -72,7 +72,6 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
                         return configuration;
                     }
                 })));
-
         //csrf disable
         http
                 .csrf((auth) -> auth.disable());