From af756ea6dc738d793e2089014fd8f5e3c14673ac Mon Sep 17 00:00:00 2001
From: yooonwodyd <dbswodyd00@naver.com>
Date: Fri, 15 Nov 2024 16:27:03 +0900
Subject: [PATCH] refactor:[#84]- refact Security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cors 변경
---
 .../global/security/WebSecurityConfig.java             | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
index 41d97d2..86ee988 100644
--- a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
+++ b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
@@ -4,6 +4,7 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -71,6 +72,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http.sessionManagement((session) -> session
 			.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 		http.cors((cors) -> cors.configurationSource(corsConfigurationSource()));
+
+		http.authorizeHttpRequests((authorize) ->
+			authorize
+				.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // OPTIONS 요청 허용
+				.anyRequest().authenticated()
+		);
+
 		http.authorizeHttpRequests((authorize) ->
 			authorize
 				.requestMatchers(
@@ -98,7 +106,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	@Bean
 	public CorsConfigurationSource corsConfigurationSource() {
 		CorsConfiguration configuration = new CorsConfiguration();
-		configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http//localhost:3000"));
+		configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http://localhost:3000"));
 		configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
 		configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"));
 		configuration.setAllowCredentials(true);