Merge pull request TeamMajorLink#78 from kimdavid0521/feat#71

[BUG] cors 옵션 추가
kchaeeun · Aug 21, 2024 · 4e35d53 · 4e35d53
2 parents 0c50060 + f86d983
commit 4e35d53
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/majorLink/src/main/java/com/example/majorLink/controller/HealtyCheckController.java b/majorLink/src/main/java/com/example/majorLink/controller/HealtyCheckController.java
@@ -4,6 +4,8 @@
 import com.example.majorLink.global.auth.AuthUser;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
@@ -14,4 +16,11 @@ public String checkHealth(@AuthenticationPrincipal AuthUser authUser) {
         User user = authUser.getUser();
         return "im healty" + user;
     }
+
+    @PostMapping("/post/health")
+    public String checkPost(@AuthenticationPrincipal AuthUser authUser, @RequestBody String title) {
+        User user = authUser.getUser();
+        return title + user;
+
+    }
 }
diff --git a/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java b/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java
@@ -13,6 +13,9 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.util.Arrays;
 
 @Configuration
 @EnableWebSecurity
@@ -28,7 +31,15 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .httpBasic(AbstractHttpConfigurer::disable) // http form login 비활성화
                 .csrf(AbstractHttpConfigurer::disable) // csrf 필터 비활성화 -> cookies 사용하지 않으므로 위험 없음
-                .cors(AbstractHttpConfigurer::disable)
+                .cors(cors -> cors
+                        .configurationSource(request -> {
+                            CorsConfiguration config = new CorsConfiguration();
+                            config.setAllowedOrigins(Arrays.asList("http://localhost:3000", "http://localhost:3001", "http://127.0.0.1:8080"));
+                            config.setAllowedMethods(Arrays.asList("GET", "POST", "DELETE", "PUT"));
+                            config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Auth-Token")); // 허용할 헤더 설정
+                            return config;
+                        })
+                )
                 .formLogin(AbstractHttpConfigurer::disable) // basic login 비활성화
                 .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // session 사용 X
                 .addFilterBefore(new JwtAuthenticationFilter(jwtService), UsernamePasswordAuthenticationFilter.class)