From 7968faa39be1ddb7c946c4465606e347e0533d57 Mon Sep 17 00:00:00 2001
From: suhyeon7497 <nucc1186@gmail.com>
Date: Thu, 14 Nov 2024 19:06:48 +0900
Subject: [PATCH] =?UTF-8?q?[fix]=20credential=20request=EB=A5=BC=20?=
 =?UTF-8?q?=EA=B8=B0=EB=B0=98=ED=95=9C=20cors=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

관련 이슈: #150
---
 .../inplace/security/config/CorsConfig.java      | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/main/java/team7/inplace/security/config/CorsConfig.java b/src/main/java/team7/inplace/security/config/CorsConfig.java
index 424a4552..a677572e 100644
--- a/src/main/java/team7/inplace/security/config/CorsConfig.java
+++ b/src/main/java/team7/inplace/security/config/CorsConfig.java
@@ -16,8 +16,20 @@ public CorsFilter corsFilter() {
         config.setAllowCredentials(true);
         config.addAllowedOrigin("https://www.inplace.my");
         config.addAllowedOriginPattern("https://api.inplace.my");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
+        config.addAllowedHeader("Origin");
+        config.addAllowedHeader("Accept");
+        config.addAllowedHeader("X-Requested-With");
+        config.addAllowedHeader("Content-Type");
+        config.addAllowedHeader("Access-Control-Request-Method");
+        config.addAllowedHeader("Access-Control-Request-Headers");
+        config.addAllowedHeader("Authorization");
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("OPTIONS");
+        config.addAllowedHeader("PATCH");
+        config.addAllowedMethod("HEAD");
         source.registerCorsConfiguration("/**", config);
         return new CorsFilter(source);
     }