From c357250192055ebcc61e6f16daf2a310a8277d26 Mon Sep 17 00:00:00 2001
From: suyeoniii
Date: Thu, 8 Aug 2024 18:36:39 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20#13=20cors=20option=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../routebox/security/SecurityConfig.kt | 52 +++++++++----------
 1 file changed, 25 insertions(+), 27 deletions(-)
diff --git a/src/main/kotlin/com/routebox/routebox/security/SecurityConfig.kt b/src/main/kotlin/com/routebox/routebox/security/SecurityConfig.kt
index f0db4a4..c1695f2 100644
--- a/src/main/kotlin/com/routebox/routebox/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/routebox/routebox/security/SecurityConfig.kt
@@ -10,6 +10,7 @@ import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.CorsConfigurationSource
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 @Configuration
 class SecurityConfig {
@@ -44,33 +45,8 @@ class SecurityConfig {
 .httpBasic { it.disable() }
 .formLogin { it.disable() }
 .sessionManagement { session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
- .cors { corsConfigurer ->
- val corsConfigSrc = CorsConfigurationSource {
- val corsConfig = CorsConfiguration()
- corsConfig.allowCredentials = true
- corsConfig.allowedOrigins = listOf(
- "http://localhost*",
- "http://myroutebox.com",
- "https://myroutebox.com",
- "http://api-dev.myroutebox.com",
- "https://api-dev.myroutebox.com",
- "http://*.myroutebox.com",
- "https://*.myroutebox.com",
- )
- corsConfig.allowedMethods = listOf(
- HttpMethod.GET.name(),
- HttpMethod.POST.name(),
- HttpMethod.PUT.name(),
- HttpMethod.DELETE.name(),
- HttpMethod.PATCH.name(),
- HttpMethod.OPTIONS.name(),
- )
- corsConfig.allowedHeaders = listOf("*")
- corsConfig.exposedHeaders = listOf("*")
- corsConfig.allowCredentials = true
- return@CorsConfigurationSource corsConfig
- }
- corsConfigurer.configurationSource(corsConfigSrc)
+ .cors {
+ it.configurationSource(corsConfigurationSource())
 }
 .authorizeHttpRequests { auth ->
 auth.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
@@ -89,5 +65,27 @@ class SecurityConfig {
 }
 .build()
 }
+
+ @Bean
+ fun corsConfigurationSource(): CorsConfigurationSource {
+ val corsConfig = CorsConfiguration()
+ corsConfig.allowedOrigins = listOf("https://api-dev.myroutebox.com", "https://*.myroutebox.com")
+ corsConfig.allowedMethods = listOf(
+ HttpMethod.GET.name(),
+ HttpMethod.POST.name(),
+ HttpMethod.PUT.name(),
+ HttpMethod.DELETE.name(),
+ HttpMethod.PATCH.name(),
+ HttpMethod.OPTIONS.name(),
+ )
+ corsConfig.allowedHeaders = listOf("*")
+ corsConfig.exposedHeaders = listOf("*")
+ corsConfig.allowCredentials = true
+ corsConfig.maxAge = 3600L
+
+ val source = UrlBasedCorsConfigurationSource()
+ source.registerCorsConfiguration("/**", corsConfig)
+ return source
+ }
 }
 }
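Review bot: The `"https://*.myroutebox.com"` entry in `corsConfig.allowedOrigins` (in `corsConfigurationSource()`, which is complete in the last hunk; the enclosing class starts outside it) will not act as a wildcard, because Spring compares each `allowedOrigins` entry with the Origin header literally and only a bare `*` is special, so subdomain origins would be rejected. Wildcard hosts belong in `allowedOriginPatterns` (available from Spring Framework 5.3; the version in use is not visible here), for example `corsConfig.allowedOriginPatterns = listOf("https://*.myroutebox.com")`. That pattern also covers `https://api-dev.myroutebox.com`, but not the apex `https://myroutebox.com` that the removed list carried. Since `allowCredentials = true` is kept, every origin the pattern matches is trusted for credentialed cross-origin reads, so listing the known front-end origins explicitly is the narrower choice if the set is small. `exposedHeaders = listOf("*")` is likewise treated as a wildcard by browsers only for non-credentialed requests, so any response headers the client must read should be named explicitly.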