Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Cors 허용 헤더 추가 #32

Merged
merged 2 commits into from
Nov 19, 2023
+11 −7
Merged

Fix: Cors 허용 헤더 추가 #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
40d2b03
Fix: Cors 허용 헤더 추가
1223v Nov 19, 2023
a4f0f4a
Fix: 서드파티 쿠키 추가
1223v Nov 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions src/main/java/com/readyvery/readyverydemo/security/config/SpringSecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ public class SpringSecurityConfig {
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
// [PART 1]
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement((sessionManagement) ->
sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
Expand All @@ -57,8 +58,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
"/oauth2/**",
"/login",
"/api/v1/store/**"
).permitAll() // 해당 요청은 인증이 필요함
.anyRequest().authenticated() // 위를 제외한 나머지는 모두 허용
).permitAll() // 위를 제외한 나머지는 모두 허용
.anyRequest().authenticated() // 해당 요청은 인증이 필요함
)
// [PART 3]
//== 소셜 로그인 설정 ==//
Expand Down Expand Up @@ -94,14 +95,14 @@ public PasswordEncoder passwordEncoder() {

@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("POST", "PATCH", "GET", "DELETE"));

// TODO: 이 부분은 나중에 삭제해야 됨
//configuration.setAllowedMethods(Arrays.asList("*")); // 모든 HTTP 메서드 허용
configuration.setAllowedHeaders(Arrays.asList("*")); // 모든 헤더 허용
configuration.setAllowCredentials(true); // 크레덴셜(쿠키, HTTP 인증 등) 허용
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOriginPatterns(Arrays.asList("*")); // 변경된 설정
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowCredentials(true);

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
Expand Down
3 changes: 3 additions & 0 deletions src/main/java/com/readyvery/readyverydemo/security/jwt/service/JwtService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,9 @@ public void setAccessTokenCookie(HttpServletResponse response, String accessToke
// 필요한 경우 동일한 사이트 속성 설정 (쿠키 전송에 대한 제한)
// accessTokenCookie.setSameSite("Strict");

// 도메인 설정
accessTokenCookie.setDomain("localhost");

// 쿠키 만료 시간 설정 (예: 액세스 토큰 만료 시간과 같게 설정)
accessTokenCookie.setMaxAge(accessTokenExpirationPeriod.intValue()); // 초 단위로 설정
response.addCookie(accessTokenCookie); // 응답에 쿠키 추가
Expand Down