Merge pull request #168 from kakao-tech-campus-2nd-step3/fix/#150-ref…

…reshTokenCookie [fix] credential request를 기반한 cors 설정
kakao-tech-campus-2nd-step3 · Nov 14, 2024 · 7d66efe · 7d66efe
2 parents 06e54a0 + 7968faa
commit 7d66efe
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/src/main/java/team7/inplace/security/config/CorsConfig.java b/src/main/java/team7/inplace/security/config/CorsConfig.java
@@ -16,8 +16,20 @@ public CorsFilter corsFilter() {
         config.setAllowCredentials(true);
         config.addAllowedOrigin("https://www.inplace.my");
         config.addAllowedOriginPattern("https://api.inplace.my");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
+        config.addAllowedHeader("Origin");
+        config.addAllowedHeader("Accept");
+        config.addAllowedHeader("X-Requested-With");
+        config.addAllowedHeader("Content-Type");
+        config.addAllowedHeader("Access-Control-Request-Method");
+        config.addAllowedHeader("Access-Control-Request-Headers");
+        config.addAllowedHeader("Authorization");
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("OPTIONS");
+        config.addAllowedHeader("PATCH");
+        config.addAllowedMethod("HEAD");
         source.registerCorsConfiguration("/**", config);
         return new CorsFilter(source);
     }