프론트 도메인 CORS 허용 완료 (#707)

* chore: SecurityConfig 설정 변경 (도메인 허용, 헤더 허용) * chore: SecurityConfig 설정 변경 (도메인 허용, 헤더 허용)
JECT-Study · Nov 12, 2024 · 32343d2 · 32343d2
1 parent f8260d3
commit 32343d2
Showing 1 changed file with 22 additions and 3 deletions.
diff --git a/src/main/java/balancetalk/global/config/SecurityConfig.java b/src/main/java/balancetalk/global/config/SecurityConfig.java
@@ -76,9 +76,28 @@ CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.addAllowedOriginPattern("http://localhost:8080");
         configuration.addAllowedOriginPattern("http://localhost:3000"); // 프론트 쪽에서 허용
-        configuration.addAllowedOriginPattern("https://balancetalk.kro.kr"); // 도메인 주소
-        configuration.addExposedHeader("Authorization");
-        configuration.addExposedHeader("refreshToken");
+        configuration.addAllowedOriginPattern("https://pick0.com"); // 도메인 주소
+        configuration.addAllowedOriginPattern("https://api.pick0.com"); // 도메인 주소
+        configuration.addAllowedHeader("Accept");
+        configuration.addAllowedHeader("Authorization");
+        configuration.addAllowedHeader("refreshToken");
+        configuration.addAllowedHeader("accessToken");
+        configuration.addAllowedHeader("Content-Type");
+        configuration.addAllowedHeader("Origin");
+        configuration.addAllowedHeader("Cookie");
+        configuration.addAllowedHeader("X-Requested-With");
+        configuration.addAllowedHeader("Access-Control-Allow-Origin");
+        configuration.addAllowedHeader("Access-Control-Allow-Credentials");
+        configuration.addAllowedHeader("Access-Control-Allow-Methods");
+        configuration.addAllowedHeader("Access-Control-Allow-Headers");
+        configuration.addAllowedHeader("Host");
+        configuration.addAllowedHeader("Connection");
+        configuration.addAllowedHeader("Accept-Encoding");
+        configuration.addAllowedHeader("Accept-Language");
+        configuration.addAllowedHeader("Referer");
+        configuration.addAllowedHeader("User-Agent");
+        configuration.addAllowedHeader("Sec-Fetch-Mode");
+        configuration.addAllowedHeader("Sec-Fetch-Site");;
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE"));
         configuration.setAllowCredentials(true);
         configuration.setMaxAge(MAX_AGE_SEC);