From aeaa191a2b0c0252512d8a9fafd5b4319b42d3eb Mon Sep 17 00:00:00 2001 From: lgwk42 Date: Fri, 24 May 2024 00:17:41 +0900 Subject: [PATCH] [Bug] :: cors error fix --- .../qvick/global/config/WebMvcConfig.java | 20 +++++++++++++++-- .../security/config/SecurityConfig.java | 22 +++++-------------- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/src/main/java/com/project/qvick/global/config/WebMvcConfig.java b/src/main/java/com/project/qvick/global/config/WebMvcConfig.java index d3a6f74a..a8f5664e 100644 --- a/src/main/java/com/project/qvick/global/config/WebMvcConfig.java +++ b/src/main/java/com/project/qvick/global/config/WebMvcConfig.java @@ -1,5 +1,6 @@ package com.project.qvick.global.config; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @@ -10,10 +11,25 @@ public class WebMvcConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") - .allowedOrigins("*") + .allowedOrigins("*") // 필요한 출처를 명시 .allowedMethods("*") .allowedHeaders("*") - .allowCredentials(false); + .allowCredentials(true) + .maxAge(3600); } + @Bean + public WebMvcConfigurer corsConfigurer() { + return new WebMvcConfigurer() { + @Override + public void addCorsMappings(CorsRegistry registry) { + registry.addMapping("/**") + .allowedOrigins("*") + .allowedMethods("*") + .allowedHeaders("*") + .allowCredentials(true) + .maxAge(3600); + } + }; + } } diff --git a/src/main/java/com/project/qvick/global/security/config/SecurityConfig.java b/src/main/java/com/project/qvick/global/security/config/SecurityConfig.java index 18eb814a..aa0751cd 100644 --- a/src/main/java/com/project/qvick/global/security/config/SecurityConfig.java +++ b/src/main/java/com/project/qvick/global/security/config/SecurityConfig.java @@ -13,11 +13,12 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import static org.springframework.http.HttpMethod.*; +import static org.springframework.http.HttpMethod.DELETE; +import static org.springframework.http.HttpMethod.GET; +import static org.springframework.http.HttpMethod.PATCH; +import static org.springframework.http.HttpMethod.POST; @Configuration @EnableWebSecurity @@ -33,9 +34,10 @@ public class SecurityConfig { private static final String ADMIN = "ROLE_ADMIN"; @Bean - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + public SecurityFilterChain securityFilterChain(HttpSecurity http, CorsConfigurationSource corsConfigurationSource) throws Exception { http .csrf(AbstractHttpConfigurer::disable) + .cors(cors -> cors.configurationSource(corsConfigurationSource)) .exceptionHandling(handlingConfigures -> handlingConfigures.authenticationEntryPoint(jwtAuthenticationEntryPoint)) .authorizeHttpRequests( authorize -> authorize @@ -75,16 +77,4 @@ public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } - @Bean - public CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - configuration.addAllowedOriginPattern("*"); - configuration.addAllowedHeader("*"); - configuration.addAllowedMethod("*"); - configuration.setAllowCredentials(true); - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - return source; - } - }