From 0ae5e627a60a20b6918b29006795883b238aab42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=96=91=EC=A7=80=EC=9B=90?=
Date: Thu, 18 Jul 2024 14:00:14 +0900
Subject: [PATCH] Refactor: cors bug fix
---
 .platform/nginx.conf | 12 +++---
 .../api/global/config/WebSecurityConfig.java | 38 +++++++++----------
 2 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/.platform/nginx.conf b/.platform/nginx.conf
index 19f5a45..61e3146 100644
--- a/.platform/nginx.conf
+++ b/.platform/nginx.conf
@@ -40,7 +40,7 @@ http {
 proxy_pass http://springboot;
 if ($request_method = 'OPTIONS') {
 # OPTIONS 요청에 대한 CORS 헤더 추가
- add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Origin' 'https://travel-compass.netlify.app';
 add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
 add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
 add_header 'Access-Control-Allow-Credentials' 'true';
@@ -50,10 +50,10 @@ http {
 }
 # CORS 관련 헤더 추가
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
- add_header 'Access-Control-Allow-Credentials' 'true';
+ add_header 'Access-Control-Allow-Origin' 'https://travel-compass.netlify.app' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
 proxy_http_version 1.1;
 proxy_set_header Connection $connection_upgrade;
 proxy_set_header Upgrade $http_upgrade;
@@ -74,4 +74,4 @@ http {
 # Include the Elastic Beanstalk generated locations
 include conf.d/elasticbeanstalk/healthd.conf;
 }
-}
+}
\ No newline at end of file
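Review bot: The allowed origin is now a string literal written twice in nginx.conf, in the preflight branch at `@@ -40,7` and again in the location-level block at `@@ -50,10`, so the two can drift apart the next time the frontend host changes. Because `Access-Control-Allow-Credentials` stays `true`, a mismatch either breaks credentialed requests or leaves one path answering for an origin the other no longer trusts. Defining the value once, e.g. `set $cors_origin 'https://travel-compass.netlify.app';` at server level and `add_header 'Access-Control-Allow-Origin' $cors_origin;` in both places, keeps them in step. A short comment such as `# credentialed CORS: browsers reject '*' here, the origin must be exact` would record why the value is pinned. The `if` block continues past the end of this hunk, so what it returns to the client is not visible here.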
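Review bot: With `always` added in the `@@ -50,10` hunk, nginx attaches its CORS headers to every proxied response, while the same commit turns on Spring's `.cors(...)` in WebSecurityConfig.java, so a response may leave with two `Access-Control-Allow-Origin` headers. Browsers reject a response that carries more than one value for that header, so the request would fail even though each layer is correct on its own. If the Spring configuration (its body is not visible in this diff) already emits these headers, either drop the four `add_header` lines here or strip the upstream copies with `proxy_hide_header 'Access-Control-Allow-Origin';` and the matching lines for the other three headers. Keeping the policy in one layer also leaves a single allow-list to audit.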
diff --git a/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java b/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
index c4b05d8..a60c723 100644
--- a/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
+++ b/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
@@ -32,35 +32,33 @@ protected SecurityFilterChain securityFilterChain( ) throws Exception { http .csrf(AbstractHttpConfigurer::disable) + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .authorizeHttpRequests(authHttp -> authHttp - .requestMatchers( - "/health", // health check - "/", // root + .requestMatchers( + "/health", // health check + "/", // root - "/oauth2/authorization/naver", // 로그인 - "/login/oauth2/code/**", // code, state 반환 - "/token/**", // 로컬에게 토큰 반환 - "/oauth/**", // 프론트에게 토큰 반환 + "/oauth2/authorization/naver", // 로그인 + "/login/oauth2/code/**", // code, state 반환 + "/token/**", // 로컬에게 토큰 반환 + "/oauth/**", // 프론트에게 토큰 반환 - "/swagger-ui/**", // Swagger UI - "/v3/api-docs/**", // Swagger API docs - "/swagger-resources/**", // Swagger resources + "/swagger-ui/**", // Swagger UI + "/v3/api-docs/**", // Swagger API docs + "/swagger-resources/**", // Swagger resources - "/locations/regions/**", // 지역별 장소 리스트 조회 - "/locations/**", // 장소 상세 조회 + "/locations/regions/**", // 지역별 장소 리스트 조회 + "/locations/**", // 장소 상세 조회 - "/plans/search/**" // 여행계획 조회 - ) - .permitAll() - //.anyRequest().permitAll() - .anyRequest().authenticated() + "/plans/search/**" // 여행계획 조회 + ) + .permitAll() + //.anyRequest().permitAll() + .anyRequest().authenticated() ) .oauth2Login(oauth2Login -> oauth2Login - //.loginPage("/users/login") - //.loginPage("http://umc.persi0815.site:8080/oauth2/authorization/naver") //비인증 사용자를 이동시킬 로그인 페이지 .successHandler(oAuth2SuccessHandler) //인증 성공 후 jwt 생성, 사용자 정보 db에 등록 - //.defaultSuccessUrl("/users/main") //로그인(일정 부분) 성공하면 특정 화면으로 이동 .userInfoEndpoint(userInfo -> userInfo .userService(oAuth2UserService) //사용자 데이터 처리 )
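Review bot: The added `.cors(cors -> cors.configurationSource(corsConfigurationSource()))` line makes the body of `corsConfigurationSource()` the effective browser-facing policy, and that method is outside this hunk, so the policy cannot be checked from the diff. With `.csrf(AbstractHttpConfigurer::disable)` directly above it, this policy decides which origins may make preflighted, credentialed calls and read their responses; it should name `https://travel-compass.netlify.app` exactly rather than a wildcard or origin pattern, matching nginx.conf. A comment on the line such as `// origin allow-list must stay in sync with .platform/nginx.conf` would record that coupling. The leftover `//.anyRequest().permitAll()` could be deleted along with the other commented-out lines this commit removes, so that opening every endpoint is not a one-character edit. `securityFilterChain` itself starts before the hunk and continues after it.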