From 21b682fd0755acc316ce617703111b213422211a Mon Sep 17 00:00:00 2001
From: gengminy
Date: Thu, 11 Aug 2022 14:37:38 +0900
Subject: [PATCH] =?UTF-8?q?:hammer:=20fix(dev):=20CORS=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../auth/jwt/JwtAuthenticationFilter.java | 1 +
 .../auth/security/SecurityConfiguration.java | 27 ++++++++-----------
 2 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java b/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java
index 0a97ae6..4a45ac6 100644
--- a/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java
+++ b/src/main/java/Backend/HIFI/auth/jwt/JwtAuthenticationFilter.java
@@ -27,6 +27,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 throws ServletException, IOException {
 try {
 String jwt = resolveToken(request); //request에서 jwt 토큰을 꺼낸다.
+ System.out.println("jwt = " + jwt); //test
 if (StringUtils.isNotEmpty(jwt) && jwtTokenProvider.validateToken(jwt)) {
diff --git a/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java b/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java
index 7352888..3feb399 100644
--- a/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java
+++ b/src/main/java/Backend/HIFI/auth/security/SecurityConfiguration.java
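Review bot: The added `System.out.println("jwt = " + jwt); //test` writes the raw bearer token to stdout on every request, so any console capture or log collector now holds reusable credentials. The `//test` tag suggests a leftover debug line; drop it before merge, or if some visibility is wanted keep it at debug level without the token value, e.g. `log.debug("jwt present={}", StringUtils.isNotEmpty(jwt));` assuming the class has (or gets) an SLF4J logger. doFilterInternal starts and ends outside the hunk, and the hunk shows two fewer context lines than its header counts, so its tail appears to have been lost in extraction.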
@@ -41,12 +41,18 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .authenticationEntryPoint(jwtAuthenticationEntryPoint)
 .accessDeniedHandler(jwtAccessDeniedHandler)
 .and()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and()
+ .httpBasic().disable()
 //권한이 필요한 요청에 대한 설정
 .authorizeRequests()
 .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
 .antMatchers("/admin/**").hasAuthority("ROLE_ADMIN")
 .antMatchers("/user/**").authenticated()
- .anyRequest().permitAll();
+ .anyRequest().permitAll()
+ .and()
+ .headers().frameOptions().disable();
 
 http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 return http.build();
@@ -60,22 +66,11 @@ public CorsConfigurationSource corsConfigurationSource() {
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 
 //로컬 react 개발 환경
- configuration.setAllowedOrigins(Arrays.asList(
- "https://hifihifi.site",
- "https://api.hifihifi.site",
- "http://localhost:3000",
- "http://localhost:3100"
- ));
+ configuration.addAllowedOriginPattern("*");
 //서버 react 프론트 환경
- configuration.setAllowedHeaders(Arrays.asList(
- "Authorization",
- "TOKEN_ID", "X-Requested-With",
- "Authorization", "Content-Type",
- "Content-Length", "Cache-Control")
- );
- configuration.setAllowedMethods(Arrays.asList(
- "HEAD", "GET", "POST", "PUT", "DELETE", "OPTION"
- ));
+ configuration.addAllowedHeader("*");
+ configuration.addAllowedMethod("*");
+ configuration.addExposedHeader("x-auth-token");
 //내 서버의 응답 json 을 javascript에서 처리할수 있게 하는것(axios 등)
 configuration.setAllowCredentials(true);
 configuration.setMaxAge(3600L);
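Review bot: `.headers().frameOptions().disable()` at the end of the filterChain hunk removes X-Frame-Options from every response, so any page this application serves can be framed by a third-party site (clickjacking). If the header only gets in the way of an embedded console or a same-site iframe, `.headers().frameOptions().sameOrigin();` keeps that working without dropping the protection globally, and the reason deserves a comment since nothing in the hunk says why it was disabled. The rest of the hunk (stateless session policy, httpBasic disabled) is consistent with the JWT filter registered just below it. filterChain starts and ends outside the hunk.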
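Review bot: `configuration.addAllowedOriginPattern("*")` combined with the retained `configuration.setAllowCredentials(true)` makes the server echo any requesting origin in Access-Control-Allow-Origin with credentials permitted, which is exactly the combination Spring rejects for `setAllowedOrigins("*")`; any website can now issue credentialed cross-origin requests to this API and read the responses, and `addAllowedHeader("*")`/`addAllowedMethod("*")` remove the remaining limits. Restore the explicit allow-list this hunk deletes, e.g. `configuration.setAllowedOrigins(Arrays.asList("https://hifihifi.site", "https://api.hifihifi.site"));` with the localhost entries supplied only by a dev profile or property, and keep `setAllowedMethods` to the verbs the API uses (the old list spelled `"OPTION"`; the method name is `OPTIONS`). The comment `//로컬 react 개발 환경` now sits above a wildcard that applies in every environment, so it should be updated or the origins moved into configuration. corsConfigurationSource starts and ends outside the hunk.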