🔨 fix(dev): CORS 설정

HongEat-Team · Aug 11, 2022 · 21b682f · 21b682f
1 parent e570f02
commit 21b682f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 16 deletions.
diff --git a/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java b/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java
@@ -27,6 +27,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             throws ServletException, IOException {
         try {
             String jwt = resolveToken(request); //request에서 jwt 토큰을 꺼낸다.
+
             System.out.println("jwt = " + jwt); //test
 
             if (StringUtils.isNotEmpty(jwt) && jwtTokenProvider.validateToken(jwt)) {

diff --git a/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java b/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java
@@ -41,12 +41,18 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                 .accessDeniedHandler(jwtAccessDeniedHandler)
                 .and()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .httpBasic().disable()
                 //권한이 필요한 요청에 대한 설정
                 .authorizeRequests()
                 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                 .antMatchers("/admin/**").hasAuthority("ROLE_ADMIN")
                 .antMatchers("/user/**").authenticated()
-                .anyRequest().permitAll();
+                .anyRequest().permitAll()
+                .and()
+                .headers().frameOptions().disable();
 
                 http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
                 return http.build();
@@ -60,22 +66,11 @@ public CorsConfigurationSource corsConfigurationSource() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 
         //로컬 react 개발 환경
-        configuration.setAllowedOrigins(Arrays.asList(
-                "https://hifihifi.site",
-                "https://api.hifihifi.site",
-                "http://localhost:3000",
-                "http://localhost:3100"
-        ));
+        configuration.addAllowedOriginPattern("*");
         //서버 react 프론트 환경
-        configuration.setAllowedHeaders(Arrays.asList(
-                "Authorization",
-                "TOKEN_ID", "X-Requested-With",
-                "Authorization", "Content-Type",
-                "Content-Length", "Cache-Control")
-        );
-        configuration.setAllowedMethods(Arrays.asList(
-                "HEAD", "GET", "POST", "PUT", "DELETE", "OPTION"
-        ));
+        configuration.addAllowedHeader("*");
+        configuration.addAllowedMethod("*");
+        configuration.addExposedHeader("x-auth-token");
         //내 서버의 응답 json 을 javascript에서 처리할수 있게 하는것(axios 등)
         configuration.setAllowCredentials(true);
         configuration.setMaxAge(3600L);