From 8dd23a7b80ff473582b55bbdafa480331e6b2b58 Mon Sep 17 00:00:00 2001 From: jangjuntae Date: Mon, 12 Jan 2026 16:10:54 +0900 Subject: [PATCH] =?UTF-8?q?=ED=94=84=EB=A1=A0=ED=8A=B8=EC=97=94=EB=93=9C?= =?UTF-8?q?=20=ED=98=91=EC=97=85=EC=9D=84=20=EC=9C=84=ED=95=9C=20CORS=20?= =?UTF-8?q?=EB=B0=8F=20AWS=20=EC=9D=B8=ED=94=84=EB=9D=BC=20=EA=B0=9C?= =?UTF-8?q?=EB=B0=A90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../timefit/global/config/SecurityConfig.java | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/main/java/com/example/timefit/global/config/SecurityConfig.java b/src/main/java/com/example/timefit/global/config/SecurityConfig.java index 6e0a7b5..d9aba62 100644 --- a/src/main/java/com/example/timefit/global/config/SecurityConfig.java +++ b/src/main/java/com/example/timefit/global/config/SecurityConfig.java @@ -12,6 +12,11 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; @Configuration @RequiredArgsConstructor @@ -23,6 +28,7 @@ public class SecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .csrf(csrf -> csrf.disable()) .formLogin(form -> form.disable()) .httpBasic(basic -> basic.disable()) @@ -37,4 +43,25 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http.build(); } + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + + configuration.setAllowedOriginPatterns(Arrays.asList( + "http://localhost:3000", + "https://timefit.com" + )); + + configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")); + + configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "Cache-Control")); + + configuration.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + + source.registerCorsConfiguration("/**", configuration); + return source; + } }