From 05d2d1f9ade452a3fb5af36428c4995fc06f659e Mon Sep 17 00:00:00 2001
From: oxdjww
Date: Sat, 11 May 2024 16:31:15 +0900
Subject: [PATCH] fix: cors config
---
.../CoffeeChat/config/SecurityConfig.java | 28 ++++++++-----------
.../config/swagger/SwaggerConfig.java | 3 +-
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java b/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java
index d661779..63da433 100644
--- a/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java
+++ b/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java
@@ -57,25 +57,21 @@ public RoleHierarchy roleHierarchy() { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http - .cors(corsCustomizer -> corsCustomizer.configurationSource(new CorsConfigurationSource() { + .cors(corsCustomizer -> corsCustomizer.configurationSource(request -> { - @Override - public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { + CorsConfiguration configuration = new CorsConfiguration(); - CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000")); //프론트 서버의 주소 + configuration.setAllowedMethods(Collections.singletonList("*")); //GET, POST, PUT등 모든 요청 허용 + configuration.setAllowCredentials(true); + configuration.setAllowedHeaders(Collections.singletonList("*")); //모든 헤더 허용 + configuration.setMaxAge(3600L); - configuration.setAllowedOrigins(Collections.singletonList("http://localhost:3000")); //프론트 서버의 주소 - configuration.setAllowedMethods(Collections.singletonList("*")); //GET, POST, PUT등 모든 요청 허용 - configuration.setAllowCredentials(true); - configuration.setAllowedHeaders(Collections.singletonList("*")); //모든 헤더 허용 - configuration.setMaxAge(3600L); + configuration.setExposedHeaders( + Collections.singletonList("Set-Cookie")); //우리가 줄 데이터를 웹페이지에서 보이게 하기 + configuration.setExposedHeaders(Collections.singletonList("Authorization")); - configuration.setExposedHeaders( - Collections.singletonList("Set-Cookie")); //우리가 줄 데이터를 웹페이지에서 보이게 하기 - configuration.setExposedHeaders(Collections.singletonList("Authorization")); - - return configuration; - } + return configuration; })); //csrf disable : stateless이기 때문에 끄기 http 
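Review bot: The two `setExposedHeaders` calls at the end of the CORS lambda overwrite each other, because the setter replaces the list, so only `Authorization` ends up exposed and the `Set-Cookie` entry is silently dropped; the refactor carries this over unchanged. Browsers never make `Set-Cookie` readable to scripts whatever `Access-Control-Expose-Headers` says, so a single `configuration.setExposedHeaders(Collections.singletonList("Authorization"));` states the effective behaviour. The allowed origin is also still the literal `http://localhost:3000` next to `setAllowCredentials(true)`; reading the origin list from configuration would keep a development origin out of deployed builds. Since credentialed cross-origin requests are allowed and the context line after the lambda says CSRF is disabled, it is worth confirming that no cookie acts as an authenticator. filterChain's body continues outside the hunk.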
@@ -109,11 +105,11 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { .authorizeHttpRequests((auth) -> auth .requestMatchers("/").permitAll() .requestMatchers("/reissue").permitAll() + .requestMatchers("/auth/email/**").permitAll() .requestMatchers("/api/v1/user/**", "auth/**").hasRole("USER") //.requestMatchers("/api/v1/**").hasAnyRole("MENTEE", "MENTOR") //로그인 제외하면 다 멘티나 멘토 아니면 접근불가 .requestMatchers("api/v1/possibleDate/**").hasRole("MENTOR") .requestMatchers("api/v1/mentor/**").hasRole("MENTEE") - .requestMatchers("/auth/email/**").permitAll() .anyRequest().authenticated()); //세션 설정 : STATELESS (JWT로 인증 인가 사용할 것이므로) http diff --git a/src/main/java/com/soongsil/CoffeeChat/config/swagger/SwaggerConfig.java b/src/main/java/com/soongsil/CoffeeChat/config/swagger/SwaggerConfig.java index 2fd029f..5962969 100644 --- a/src/main/java/com/soongsil/CoffeeChat/config/swagger/SwaggerConfig.java +++ b/src/main/java/com/soongsil/CoffeeChat/config/swagger/SwaggerConfig.java @@ -9,6 +9,7 @@ import io.swagger.v3.oas.models.info.Info; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; +import io.swagger.v3.oas.models.servers.Server; @Configuration public class SwaggerConfig { @@ -31,7 +32,7 @@ public OpenAPI openAPI() { SecurityRequirement addSecurityItem = new SecurityRequirement(); addSecurityItem.addList("JWT"); - return new OpenAPI() + return new OpenAPI().addServersItem(new Server().url("/")) // Security 인증 컴포넌트 설정 .components(new Components().addSecuritySchemes("JWT", bearerAuth)) // API 마다 Security 인증 컴포넌트 설정
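Review bot: Three matchers in the `authorizeHttpRequests` block lack a leading slash (`"auth/**"`, `"api/v1/possibleDate/**"`, `"api/v1/mentor/**"`) while the others start with `/`. Whether a slash-less pattern matches depends on the matcher Spring Security selects; if it does not match, the request falls through to `anyRequest().authenticated()` and the `hasRole` restriction is never applied. Writing them as `"/auth/**"`, `"/api/v1/possibleDate/**"` and `"/api/v1/mentor/**"` removes the ambiguity. Moving `/auth/email/**` above the `auth/**` rule is correct because the first matching rule wins, and a comment such as `// must stay above /auth/** (first match wins)` would keep a later reorder from undoing it. The wildcard also leaves every current and future path under `/auth/email/` unauthenticated, so listing the exact endpoints would be tighter; the lambda and filterChain start and end outside the hunk.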
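Review bot: In `openAPI()` in SwaggerConfig.java, `.addServersItem(new Server().url("/"))` is appended to the `return new OpenAPI()` line with no comment, while each following builder call sits on its own line under one. Put it on its own line with a comment giving the reason, for example `// relative server URL: Swagger UI sends requests to the origin it was served from`. That reason is presumed from the change rather than stated in it, so confirm before adding. The method starts and ends outside the hunk.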