From 9712c8224f6219df978e849ca1a8b806160b9ffe Mon Sep 17 00:00:00 2001 From: sonsumin Date: Fri, 22 Nov 2024 15:33:07 +0900 Subject: [PATCH] =?UTF-8?q?[#2]=F0=9F=90=9BFix:=20CORS=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/auth/config/SecurityConfig.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/main/java/univ/yesummit/global/auth/config/SecurityConfig.java b/src/main/java/univ/yesummit/global/auth/config/SecurityConfig.java index e386f7e..ea9a55d 100644 --- a/src/main/java/univ/yesummit/global/auth/config/SecurityConfig.java +++ b/src/main/java/univ/yesummit/global/auth/config/SecurityConfig.java @@ -63,10 +63,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .formLogin(AbstractHttpConfigurer::disable) .httpBasic(AbstractHttpConfigurer::disable) - // iframe 차단 - .headers(header -> header.frameOptions( - HeadersConfigurer.FrameOptionsConfig::sameOrigin - )) +// // iframe 차단 +// .headers(header -> header.frameOptions( +// HeadersConfigurer.FrameOptionsConfig::sameOrigin +// )) // session 사용 중지 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) @@ -99,15 +99,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .build(); } - @Value("${cors.allowed-origins:http://localhost:3000}") - private List allowOriginList; +// @Value("${cors.allowed-origins") +// private List allowOriginList; @Bean public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.setAllowedOrigins(allowOriginList); // 허용할 Origin 추가 - configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); - configuration.setAllowedHeaders(List.of("*")); + configuration.addAllowedOrigin("http://localhost:3000"); // 클라이언트 주소 + configuration.addAllowedMethod("*"); + configuration.addAllowedHeader("*"); configuration.setAllowCredentials(true); configuration.addExposedHeader("Authorization"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();