fix: cors allow config

mash-up-kr · Aug 4, 2024 · 562e0de · 562e0de
1 parent 8856185
commit 562e0de
Showing 1 changed file with 31 additions and 5 deletions.
diff --git a/api/src/main/kotlin/com/mashup/dojo/config/WebConfiguration.kt b/api/src/main/kotlin/com/mashup/dojo/config/WebConfiguration.kt
@@ -1,14 +1,40 @@
 package com.mashup.dojo.config
 
+import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.web.servlet.config.annotation.CorsRegistry
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
+import org.springframework.web.filter.CorsFilter
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 
 @Configuration
 class WebConfiguration : WebMvcConfigurer {
-    override fun addCorsMappings(registry: CorsRegistry) {
-        registry.addMapping("/**")
-            .allowedOrigins("http://localhost:5173")
-            .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE")
+    // override fun addCorsMappings(registry: CorsRegistry) {
+    //     registry.addMapping("/**")
+    //         .allowedOrigins("http://localhost:5173")
+    //         .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE")
+    // }
+
+    @Bean
+    fun corsFilter(): CorsFilter {
+        val source = UrlBasedCorsConfigurationSource()
+        val config = CorsConfiguration()
+        config.allowCredentials = true
+        // config.addAllowedOrigin("https://me-shit.vercel.app")
+        config.addAllowedOrigin("https://maship.vercel.app")
+        config.addAllowedOrigin("http://localhost:5173")
+        config.addAllowedOrigin("http://localhost:4173")
+        config.addAllowedHeader("Content-Type")
+        config.addAllowedHeader("Authorization")
+        config.addAllowedHeader("X-Requested-With")
+        config.addAllowedMethod("GET")
+        config.addAllowedMethod("POST")
+        config.addAllowedMethod("PUT")
+        config.addAllowedMethod("PATCH")
+        config.addAllowedMethod("DELETE")
+        config.addAllowedMethod("OPTIONS")
+        config.addExposedHeader("Authorization")
+        source.registerCorsConfiguration("/**", config)
+        return CorsFilter(source)
     }
 }