From 4927b19a0145e51ad69ccdb9a776712657bb1f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=A0=95=ED=95=B8=EB=AA=A8?= Date: Mon, 27 May 2024 17:05:53 +0900 Subject: [PATCH] =?UTF-8?q?fix:=20security=20filter=EC=97=90=EC=84=9C=20al?= =?UTF-8?q?low=20origin=20*=EB=A1=9C=20=EB=82=B4=EB=A0=A4=EA=B0=80?= =?UTF-8?q?=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/config/security/SecurityConfiguration.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java b/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java index 38fd159e..e19c42ee 100644 --- a/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java +++ b/src/main/java/com/keeper/homepage/global/config/security/SecurityConfiguration.java @@ -3,6 +3,7 @@ import com.keeper.homepage.global.config.security.filter.RefreshTokenFilter; import com.keeper.homepage.global.config.security.handler.CustomAccessDeniedHandler; import com.keeper.homepage.global.config.security.handler.CustomAuthenticationEntryPoint; +import java.util.List; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -54,9 +55,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.addAllowedOriginPattern("*"); - configuration.addAllowedHeader("*"); - configuration.addAllowedMethod("*"); + configuration.setAllowedOrigins(List.of("https://keeper.or.kr", "https://localhost:3000")); + configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); + configuration.addAllowedHeader("headers"); configuration.setAllowCredentials(true); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();