From 90bd080598d636ca7c0859248441277edfb28a77 Mon Sep 17 00:00:00 2001
From: lass9436 <lass9436@gmail.com>
Date: Wed, 21 Aug 2024 10:45:58 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20CORS=20=EC=84=A4=EC=A0=95=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../global/config/SecurityConfig.java         | 21 +++++++++++--------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/main/java/com/thirdparty/ticketing/global/config/SecurityConfig.java b/src/main/java/com/thirdparty/ticketing/global/config/SecurityConfig.java
index d32ddfc0..5ee5665a 100644
--- a/src/main/java/com/thirdparty/ticketing/global/config/SecurityConfig.java
+++ b/src/main/java/com/thirdparty/ticketing/global/config/SecurityConfig.java
@@ -14,8 +14,8 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 import com.thirdparty.ticketing.domain.member.MemberRole;
 import com.thirdparty.ticketing.domain.member.service.JwtProvider;
@@ -55,18 +55,21 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtProvider jwtProvide
                 .addFilterBefore(
                         new AuthenticationFilter(jwtProvider),
                         UsernamePasswordAuthenticationFilter.class)
-                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .build();
     }
 
-    private CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of("http://localhost:8080"));
-        configuration.setAllowedMethods(
-                List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+    @Bean
+    public CorsFilter corsFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(List.of("http://localhost:3000/"));
+        config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        config.setAllowCredentials(true);
+        config.setAllowedHeaders(List.of("*"));
+        config.setExposedHeaders(List.of("Authorization"));
+        config.setMaxAge(3600L);
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-        return source;
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
     }
 
     @Bean