From e565b10b777527d8112ce5a6ec6da9f1a628954d Mon Sep 17 00:00:00 2001
From: xihxxn <sihyun8870@naver.com>
Date: Mon, 1 Jun 2026 00:49:52 +0900
Subject: [PATCH 1/2] =?UTF-8?q?cors=20=EC=A3=BC=EC=84=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/example/Piroin/project/global/config/CorsConfig.java | 5 +++++
 .../example/Piroin/project/global/config/SecurityConfig.java | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/backend/src/main/java/com/example/Piroin/project/global/config/CorsConfig.java b/backend/src/main/java/com/example/Piroin/project/global/config/CorsConfig.java
index ef95a6b..e56e761 100644
--- a/backend/src/main/java/com/example/Piroin/project/global/config/CorsConfig.java
+++ b/backend/src/main/java/com/example/Piroin/project/global/config/CorsConfig.java
@@ -14,12 +14,17 @@ public class CorsConfig {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
+        // 모든 출처(도메인) 허용 - Vercel 프론트엔드 등 다양한 도메인에서 요청 가능
         config.setAllowedOriginPatterns(List.of("*"));
+        // preflight(OPTIONS) 포함 모든 HTTP 메서드 허용
         config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        // Authorization 등 모든 요청 헤더 허용
         config.setAllowedHeaders(List.of("*"));
+        // 쿠키/인증 정보 포함 요청 허용
         config.setAllowCredentials(true);
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        // 모든 경로에 위 CORS 설정 적용
         source.registerCorsConfiguration("/**", config);
         return source;
     }
diff --git a/backend/src/main/java/com/example/Piroin/project/global/config/SecurityConfig.java b/backend/src/main/java/com/example/Piroin/project/global/config/SecurityConfig.java
index b05f584..bbcd7cd 100644
--- a/backend/src/main/java/com/example/Piroin/project/global/config/SecurityConfig.java
+++ b/backend/src/main/java/com/example/Piroin/project/global/config/SecurityConfig.java
@@ -27,6 +27,8 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+                // CorsConfig에서 등록한 CORS 설정을 Spring Security 필터 체인에 적용
+                // 이 설정이 없으면 preflight(OPTIONS) 요청이 Security 단에서 차단되어 405 반환
                 .cors(cors -> cors.configurationSource(corsConfigurationSource))
                 .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement(session ->

From 667c684345b2ce0a6cd39c2a3183438bcbe98c95 Mon Sep 17 00:00:00 2001
From: xihxxn <sihyun8870@naver.com>
Date: Mon, 1 Jun 2026 02:48:50 +0900
Subject: [PATCH 2/2] connect api.piroin.com subdomain for HTTPS

---
 frontend/vercel.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/vercel.json b/frontend/vercel.json
index 246390d..d134295 100644
--- a/frontend/vercel.json
+++ b/frontend/vercel.json
@@ -2,7 +2,7 @@
   "rewrites": [
     {
       "source": "/api/:path*",
-      "destination": "http://13.209.73.127:8080/api/:path*"
+      "destination": "https://api.piroin.com/api/:path*"
     }
   ]
 }