diff --git a/src/main/java/com/example/timefit/global/config/SecurityConfig.java b/src/main/java/com/example/timefit/global/config/SecurityConfig.java index 6e0a7b5..d9aba62 100644 --- a/src/main/java/com/example/timefit/global/config/SecurityConfig.java +++ b/src/main/java/com/example/timefit/global/config/SecurityConfig.java @@ -12,6 +12,11 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; @Configuration @RequiredArgsConstructor @@ -23,6 +28,7 @@ public class SecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .csrf(csrf -> csrf.disable()) .formLogin(form -> form.disable()) .httpBasic(basic -> basic.disable()) @@ -37,4 +43,25 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http.build(); } + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOriginPatterns(Arrays.asList( + "http://localhost:3000", + "https://timefit.com" + )); + + configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); + + configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "Cache-Control")); + + configuration.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + + source.registerCorsConfiguration("/**", configuration); + return source; + } }