From 734b28286786de40414fa328db8bfac675c0f079 Mon Sep 17 00:00:00 2001 From: WonyuChoi Date: Fri, 13 Sep 2024 15:33:23 +0900 Subject: [PATCH] =?UTF-8?q?fix:=20spring=20security=20cors=20=ED=97=88?= =?UTF-8?q?=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../first/flash/global/config/SecurityConfig.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/first/flash/global/config/SecurityConfig.java b/src/main/java/com/first/flash/global/config/SecurityConfig.java index dac66138..494fba70 100644 --- a/src/main/java/com/first/flash/global/config/SecurityConfig.java +++ b/src/main/java/com/first/flash/global/config/SecurityConfig.java @@ -19,6 +19,8 @@ import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; @Configuration @EnableWebSecurity @@ -38,7 +40,15 @@ public class SecurityConfig { @Bean public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception { return http.csrf(AbstractHttpConfigurer::disable) - .cors(AbstractHttpConfigurer::disable) + .cors(cors->cors.configurationSource(request -> { + var corsConfiguration = new CorsConfiguration(); + corsConfiguration.addAllowedOrigin("*"); + corsConfiguration.addAllowedHeader("*"); + corsConfiguration.addAllowedMethod("*"); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", corsConfiguration); + return corsConfiguration; + })) .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy( SessionCreationPolicy.STATELESS)) .formLogin(AbstractHttpConfigurer::disable)