Merge pull request #321 from kSideProject/fix/cors

[Fix] User 모듈에 CORS 설정 추가하여 로컬 프론트엔드 요청 허용
kSideProject · Dec 10, 2024 · 6e2e1d3 · 6e2e1d3
2 parents e466168 + 4a2d8df
commit 6e2e1d3
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/core/src/main/kotlin/kpring/core/global/config/WebFluxStaticResourceConfig.kt b/core/src/main/kotlin/kpring/core/global/config/WebFluxStaticResourceConfig.kt
@@ -21,6 +21,6 @@ class WebFluxStaticResourceConfig : WebFluxConfigurer {
   override fun addCorsMappings(registry: CorsRegistry) {
     registry.addMapping("/**")
       .allowedOriginPatterns("*")
-      .allowedMethods("GET", "POST", "DELETE", "PUT", "FETCH")
+      .allowedMethods("GET", "POST", "DELETE", "PUT", "PATCH")
   }
 }
diff --git a/core/src/main/kotlin/kpring/core/global/config/WebMvcStaticResourceConfig.kt b/core/src/main/kotlin/kpring/core/global/config/WebMvcStaticResourceConfig.kt
@@ -17,6 +17,6 @@ class WebMvcStaticResourceConfig : WebMvcConfigurer {
   override fun addCorsMappings(registry: CorsRegistry) {
     registry.addMapping("/**")
       .allowedOriginPatterns("*")
-      .allowedMethods("GET", "POST", "DELETE", "PUT", "FETCH")
+      .allowedMethods("GET", "POST", "DELETE", "PUT", "PATCH")
   }
 }
diff --git a/user/src/main/kotlin/kpring/user/config/SecurityConfig.kt b/user/src/main/kotlin/kpring/user/config/SecurityConfig.kt
@@ -2,13 +2,38 @@ package kpring.user.config
 
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.web.cors.CorsConfiguration
 
 @Configuration
+@EnableWebSecurity
 class SecurityConfig {
   @Bean
   fun encode(): PasswordEncoder {
     return BCryptPasswordEncoder()
   }
+
+  @Bean
+  fun filterChain(http: HttpSecurity): SecurityFilterChain {
+    http
+      .cors { cors ->
+        cors.configurationSource {
+          val cors = CorsConfiguration()
+          cors.allowedOrigins = listOf("http://localhost:3000")
+          cors.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "PATCH")
+          cors.allowedHeaders = listOf("*")
+          cors.allowCredentials = true
+          cors
+        }
+      }
+      .csrf { it.disable() }
+      .formLogin { it.disable() }
+      .httpBasic { }
+
+    return http.build()
+  }
 }