diff --git a/src/main/java/com/onebridge/ouch/security/SecurityConfig.java b/src/main/java/com/onebridge/ouch/security/SecurityConfig.java
index d842b5d..7b4defa 100644
--- a/src/main/java/com/onebridge/ouch/security/SecurityConfig.java
+++ b/src/main/java/com/onebridge/ouch/security/SecurityConfig.java
@@ -1,5 +1,8 @@
 package com.onebridge.ouch.security;
 
+import java.util.List;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -11,6 +14,7 @@
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 import com.onebridge.ouch.security.filter.JwtAuthenticationFilter;
 import com.onebridge.ouch.security.tokenManger.TokenManager;
@@ -64,4 +68,27 @@ public CorsConfigurationSource corsConfigurationSource() {
 source.registerCorsConfiguration("/**", configuration);
 return source;
 }
+
+ // CORS 필터 우선순위 추가
+ // http.cors() 설정은 Spring Security가 인식할 수 있도록 등록하는 용도
+ // 그런데 Spring Security의 인증 필터가 우선 적용돼서 OPTIONS 요청이 필터에서 차단되는 경우가 있음
+ // 그래서 별도로 FilterRegistrationBean를 추가하면 이 필터가 모든 요청에서 가장 우선 실행되어서 확실히 적용됨
+ @Bean
+ public FilterRegistrationBean corsFilter() {
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ config.setAllowedOrigins(List.of(
+ "http://localhost:5173",
+ "https://ouchs.netlify.app"
+ ));
+ config.addAllowedHeader("*");
+ config.addAllowedMethod("*");
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", config);
+
+ FilterRegistrationBean bean = new FilterRegistrationBean<>(new CorsFilter(source));
+ bean.setOrder(0); // 필터 최우선 순위 설정
+ return bean;
+ }
 }
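Review bot: `bean.setOrder(0)` in the new `corsFilter()` bean does not make this filter run first, although the comment says it does: Spring Boot registers the Spring Security filter chain at order -100 by default (`SecurityProperties.DEFAULT_FILTER_ORDER`), so a CorsFilter at 0 still runs after it and a preflight OPTIONS request can be rejected before any CORS headers are written; use `bean.setOrder(Ordered.HIGHEST_PRECEDENCE);` with an import of `org.springframework.core.Ordered`. The bean also builds a second `CorsConfiguration` next to the existing `corsConfigurationSource()` bean, so the two allow-lists can drift apart; `new CorsFilter(corsConfigurationSource())` would keep one policy, assuming that source (its body starts outside this hunk) carries the same origins. Because `setAllowCredentials(true)` is combined with the hard-coded `http://localhost:5173`, the origin list is better read from per-profile configuration so the development origin is not trusted for credentialed requests in production. The return type shows as raw `FilterRegistrationBean`; unless that is an artefact of how the page was rendered, declare it as `FilterRegistrationBean<CorsFilter>`.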