diff --git a/src/main/java/org/withtime/be/withtimebe/global/data/CorsConfigData.java b/src/main/java/org/withtime/be/withtimebe/global/data/CorsConfigData.java new file mode 100644 index 0000000..2650f24 --- /dev/null +++ b/src/main/java/org/withtime/be/withtimebe/global/data/CorsConfigData.java @@ -0,0 +1,17 @@ +package org.withtime.be.withtimebe.global.data; + +import lombok.Getter; +import lombok.Setter; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.context.annotation.Configuration; + +import java.util.List; + +@Getter +@Setter +@Configuration +@ConfigurationProperties(prefix = "cors") +public class CorsConfigData { + private List urls; + private List methods; +} diff --git a/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java b/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java index 92ea247..6d0fce2 100644 --- a/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java +++ b/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java @@ -29,6 +29,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.withtime.be.withtimebe.domain.auth.service.query.TokenStorageQueryService; import org.withtime.be.withtimebe.domain.member.service.query.MemberQueryService; +import org.withtime.be.withtimebe.global.data.CorsConfigData; import org.withtime.be.withtimebe.global.security.filter.JsonLoginFilter; import org.withtime.be.withtimebe.global.security.filter.JwtFilter; import org.withtime.be.withtimebe.global.security.handler.CustomAccessDeniedHandler; @@ -47,6 +48,7 @@ public class SecurityConfig { private final MemberQueryService memberQueryService; private final JwtUtil jwtUtil; private final FailureResponseWriter failureResponseWriter; + private final CorsConfigData corsConfigData; private String[] allowUrl = { API_PREFIX + "/auth/**", @@ -145,9 +147,9 @@ PasswordEncoder passwordEncoder() { private CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.addAllowedOriginPattern("http://localhost:5173"); // 실배포 주소 나중에 추가 + corsConfigData.getUrls().forEach(configuration::addAllowedOrigin); // 실배포 주소 나중에 추가 + corsConfigData.getMethods().forEach(configuration::addAllowedMethod); configuration.addAllowedHeader("*"); - configuration.addAllowedMethod("*"); configuration.setAllowCredentials(true); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); diff --git a/src/main/resources/application-develop.yml b/src/main/resources/application-develop.yml index 42eff89..8ace807 100644 --- a/src/main/resources/application-develop.yml +++ b/src/main/resources/application-develop.yml @@ -68,6 +68,25 @@ spring: token-uri: https://oauth2.googleapis.com/token user-info-uri: https://www.googleapis.com/userinfo/v2/me + firebase: + enabled: true + config: ${FIREBASE_CONFIG} + +cors: + urls: + - http://localhost:8080 + - http://localhost:3000 + - http://localhost:5173 + - http://localhost:5174 + - https://withtime.cloud + + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + jwt: secret: ${JWT_SECRET} time: diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 311aed9..6417d78 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -71,6 +71,21 @@ spring: enabled: true config: ${FIREBASE_CONFIG} +cors: + urls: + - http://localhost:8080 + - http://localhost:3000 + - http://localhost:5173 + - http://localhost:5174 + - https://withtime.cloud + + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + jwt: secret: ${JWT_SECRET} time: