From 7acc869abc3f5ee69fa334285699744d18d16a19 Mon Sep 17 00:00:00 2001
From: bbbang105 <2018111366@dgu.ac.kr>
Date: Mon, 18 Nov 2024 02:24:49 +0900
Subject: [PATCH] =?UTF-8?q?#121=20[fix]=20:=20Origin=EC=9D=84=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=ED=95=B4=20CORS=20=EB=AC=B8=EC=A0=9C=EB=A5=BC=20?=
 =?UTF-8?q?=ED=95=B4=EA=B2=B0=ED=95=9C=EB=8B=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../onetime/global/config/SecurityConfig.java | 45 ++++++++++++-------
 1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/src/main/java/side/onetime/global/config/SecurityConfig.java b/src/main/java/side/onetime/global/config/SecurityConfig.java
index be505a1..9493e9b 100644
--- a/src/main/java/side/onetime/global/config/SecurityConfig.java
+++ b/src/main/java/side/onetime/global/config/SecurityConfig.java
@@ -21,24 +21,37 @@
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+
 private final OAuthLoginSuccessHandler oAuthLoginSuccessHandler;
 private final OAuthLoginFailureHandler oAuthLoginFailureHandler;
+ private static final String[] SWAGGER_URLS = {
+ "/swagger-ui/**", "/v3/api-docs/**"
+ };
+
+ private static final String[] ALLOWED_ORIGINS = {
+ "http://localhost:5173",
+ "https://onetime-test.vercel.app",
+ "https://www.onetime-test.vercel.app",
+ "https://onetime-with-members.com",
+ "https://www.onetime-with-members.com",
+ "https://1-ti.me",
+ "https://www.1-ti.me",
+ "https://noonsachin.com",
+ "https://www.noonsachin.com",
+ "https://onetime-test.store.com",
+ "https://www.onetime-test.store.com",
+ };
+
 @Bean
 CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
- config.setAllowedOrigins(Arrays.asList(
- "http://localhost:5173",
- "https://onetime-test.vercel.app",
- "https://www.onetime-test.vercel.app",
- "https://onetime-with-members.com",
- "https://www.onetime-with-members.com",
- "https://1-ti.me",
- "https://www.1-ti.me"
- ));
+ config.setAllowedOrigins(Arrays.asList(ALLOWED_ORIGINS));
 config.setAllowedMethods(Collections.singletonList("*"));
 config.setAllowedHeaders(Collections.singletonList("*"));
 config.setAllowCredentials(true);
+ config.setExposedHeaders(Arrays.asList("Authorization", "Set-Cookie"));
+ config.setMaxAge(3600L);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", config);
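Review bot: The new ALLOWED_ORIGINS constant bakes `http://localhost:5173` into the same credentialed allow-list (`setAllowCredentials(true)`) that ships to every environment, so any page a user happens to have served on that local port can make cookie/token-bearing cross-origin calls against production; the dev origin should be scoped to a dev profile, or the whole list read from configuration per environment, e.g. `@Value("${cors.allowed-origins}") private String[] allowedOrigins;` (property name illustrative) in place of the hard-coded array. `config.setExposedHeaders(Arrays.asList("Authorization", "Set-Cookie"))` also lists `Set-Cookie`, which browsers treat as a forbidden response-header name and never expose through `Access-Control-Expose-Headers`, so that entry is dead configuration and suggests an intent the browser will not honour; drop it or document why it is there. With `setAllowedHeaders("*")` plus credentials, Spring reflects whatever request headers the preflight asks for, which is acceptable for a closed origin list but worth a one-line comment such as `// wildcard headers are reflected per-request; safe only because origins are an explicit list`.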
@@ -51,14 +64,14 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 .httpBasic(HttpBasicConfigurer::disable)
 .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
 .csrf(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(authorize ->
- authorize
- .requestMatchers("/**").permitAll()
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers(SWAGGER_URLS).permitAll()
+ .requestMatchers("/**").permitAll() // 추후 변경 필요
+ .anyRequest().authenticated()
 )
- .oauth2Login(oauth -> // OAuth2 로그인 기능에 대한 여러 설정의 진입점
- oauth
- .successHandler(oAuthLoginSuccessHandler) // 로그인 성공 시 핸들러
- .failureHandler(oAuthLoginFailureHandler) // 로그인 실패 시 핸들러
+ .oauth2Login(oauth -> oauth
+ .successHandler(oAuthLoginSuccessHandler) // OAuth 로그인 성공 핸들러
+ .failureHandler(oAuthLoginFailureHandler) // OAuth 로그인 실패 핸들러
 );
 return httpSecurity.build();
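Review bot: The added `.anyRequest().authenticated()` is unreachable, because Spring Security applies the first matching rule and `.requestMatchers("/**").permitAll()` on the line above matches every request; for the same reason the new `.requestMatchers(SWAGGER_URLS).permitAll()` has no effect while the `/**` rule remains. If everything is meant to stay open for now, the two new rules are dead code and the `// 추후 변경 필요` marker should at least carry an issue reference; if not, replace the `/**` line with an explicit list of the public paths (the OAuth2 login/callback endpoints alongside SWAGGER_URLS) so the authenticated fallback becomes live. Note that CSRF stays disabled while the CORS config allows credentials; that is fine for header-token auth but, if the OAuth2 login sets a session cookie (the handlers are not visible here), it is worth confirming before the `/**` rule is tightened. The filterChain method begins before this hunk and its closing brace lies outside it.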