From e4874b6797cdd01d04ccda57dd8e53cb4b4e9a60 Mon Sep 17 00:00:00 2001
From: Jinwoo Lee <binaryWooo@gmail.com>
Date: Sun, 28 Jan 2024 21:52:17 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20cors=20=EC=84=A4=EC=A0=95=20?=
 =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=84=A0=EC=96=B8=20#38?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../oot/custom/config/CorsConfig.java         | 20 +++++++++++++++++++
 .../oot/custom/config/CorsFilter.java         | 19 ++++++++++++------
 2 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 src/main/java/com/endlesshorses/oot/custom/config/CorsConfig.java

diff --git a/src/main/java/com/endlesshorses/oot/custom/config/CorsConfig.java b/src/main/java/com/endlesshorses/oot/custom/config/CorsConfig.java
new file mode 100644
index 0000000..545eec5
--- /dev/null
+++ b/src/main/java/com/endlesshorses/oot/custom/config/CorsConfig.java
@@ -0,0 +1,20 @@
+package com.endlesshorses.oot.custom.config;
+
+import java.util.List;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "cors")
+public class CorsConfig {
+	private List<String> allowedOrigins;
+
+	public List<String> getAllowedOrigins() {
+		return allowedOrigins;
+	}
+
+	public void setAllowedOrigins(List<String> allowedOrigins) {
+		this.allowedOrigins = allowedOrigins;
+	}
+}
diff --git a/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java b/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
index 348f3b6..4d435f9 100644
--- a/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
+++ b/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
@@ -1,6 +1,8 @@
 package com.endlesshorses.oot.custom.config;
 
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
 
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
@@ -18,6 +20,7 @@
 @Component
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public class CorsFilter implements Filter {
+    private static final List<String> allowedOrigins = Arrays.asList("http://localhost:3000");
     private Object Ordered;
 
     @Override
@@ -35,12 +38,16 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
         HttpServletRequest request = (HttpServletRequest) req;
         HttpServletResponse response = (HttpServletResponse) res;
 
-        response.setHeader("Access-Control-Allow-Origin", "*");
-        response.setHeader("Access-Control-Allow-Credentials", "true");
-        response.setHeader("Access-Control-Allow-Methods", "*");
-        response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers",
-                "Origin, X-Requested-With, Content-Type, Accept, Authorization");
+        String origin = request.getHeader("Origin");
+
+        if (allowedOrigins.contains(origin)) {
+            response.setHeader("Access-Control-Allow-Origin", origin);
+            response.setHeader("Access-Control-Allow-Credentials", "true");
+            response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, PATCH, DELETE");
+            response.setHeader("Access-Control-Max-Age", "3600");
+            response.setHeader("Access-Control-Allow-Headers",
+                    "Origin, X-Requested-With, Content-Type, Accept, Authorization");
+        }
 
         if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
             response.setStatus(HttpServletResponse.SC_OK);

From fb5a3283369ce6093931fb4754b446ddbaee4a37 Mon Sep 17 00:00:00 2001
From: Jinwoo Lee <binaryWooo@gmail.com>
Date: Sun, 28 Jan 2024 21:52:59 +0900
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20cors=20filter=20=EC=8B=A4=ED=96=89?=
 =?UTF-8?q?=20=EC=8B=9C=20origin=20=EA=B2=80=EC=A6=9D=20=EB=A1=9C=EC=A7=81?=
 =?UTF-8?q?=20=EC=B6=94=EA=B0=80=20#38?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/endlesshorses/oot/custom/config/CorsFilter.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java b/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
index 4d435f9..e42c370 100644
--- a/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
+++ b/src/main/java/com/endlesshorses/oot/custom/config/CorsFilter.java
@@ -16,12 +16,13 @@
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
 
 @Component
 @Order(Ordered.HIGHEST_PRECEDENCE)
+@RequiredArgsConstructor
 public class CorsFilter implements Filter {
-    private static final List<String> allowedOrigins = Arrays.asList("http://localhost:3000");
-    private Object Ordered;
+    private final CorsConfig corsConfig;
 
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
@@ -40,7 +41,9 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 
         String origin = request.getHeader("Origin");
 
-        if (allowedOrigins.contains(origin)) {
+        System.out.println(corsConfig.getAllowedOrigins());
+
+        if (corsConfig.getAllowedOrigins().contains(origin)) {
             response.setHeader("Access-Control-Allow-Origin", origin);
             response.setHeader("Access-Control-Allow-Credentials", "true");
             response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, PATCH, DELETE");