WithTime12 · Properks · Aug 3, 2025 · Aug 3, 2025
diff --git a/src/main/java/org/withtime/be/withtimebe/global/data/CorsConfigData.java b/src/main/java/org/withtime/be/withtimebe/global/data/CorsConfigData.java
@@ -0,0 +1,17 @@
+package org.withtime.be.withtimebe.global.data;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+@Getter
+@Setter
+@Configuration
+@ConfigurationProperties(prefix = "cors")
+public class CorsConfigData {
+    private List<String> urls;
+    private List<String> methods;
+}
diff --git a/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java b/src/main/java/org/withtime/be/withtimebe/global/security/SecurityConfig.java
@@ -29,6 +29,7 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.withtime.be.withtimebe.domain.auth.service.query.TokenStorageQueryService;
 import org.withtime.be.withtimebe.domain.member.service.query.MemberQueryService;
+import org.withtime.be.withtimebe.global.data.CorsConfigData;
 import org.withtime.be.withtimebe.global.security.filter.JsonLoginFilter;
 import org.withtime.be.withtimebe.global.security.filter.JwtFilter;
 import org.withtime.be.withtimebe.global.security.handler.CustomAccessDeniedHandler;
@@ -47,6 +48,7 @@ public class SecurityConfig {
     private final MemberQueryService memberQueryService;
     private final JwtUtil jwtUtil;
     private final FailureResponseWriter<DefaultResponseErrorReasonDTO> failureResponseWriter;
+    private final CorsConfigData corsConfigData;
 
     private String[] allowUrl = {
             API_PREFIX + "/auth/**",
@@ -145,9 +147,9 @@ PasswordEncoder passwordEncoder() {
     private CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
-        configuration.addAllowedOriginPattern("http://localhost:5173"); // 실배포 주소 나중에 추가
+        corsConfigData.getUrls().forEach(configuration::addAllowedOrigin); // 실배포 주소 나중에 추가
+        corsConfigData.getMethods().forEach(configuration::addAllowedMethod);
         configuration.addAllowedHeader("*");
-        configuration.addAllowedMethod("*");
         configuration.setAllowCredentials(true);
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

diff --git a/src/main/resources/application-develop.yml b/src/main/resources/application-develop.yml
@@ -68,6 +68,25 @@ spring:
             token-uri: https://oauth2.googleapis.com/token
             user-info-uri: https://www.googleapis.com/userinfo/v2/me
 
+  firebase:
+    enabled: true
+    config: ${FIREBASE_CONFIG}
+
+cors:
+  urls:
+    - http://localhost:8080
+    - http://localhost:3000
+    - http://localhost:5173
+    - http://localhost:5174
+    - https://withtime.cloud
+
+  methods:
+    - GET
+    - POST
+    - PUT
+    - PATCH
+    - DELETE
+
 jwt:
   secret: ${JWT_SECRET}
   time:

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -71,6 +71,21 @@ spring:
     enabled: true
     config: ${FIREBASE_CONFIG}
 
+cors:
+  urls:
+    - http://localhost:8080
+    - http://localhost:3000
+    - http://localhost:5173
+    - http://localhost:5174
+    - https://withtime.cloud
+
+  methods:
+    - GET
+    - POST
+    - PUT
+    - PATCH
+    - DELETE
+
 jwt:
   secret: ${JWT_SECRET}
   time: