프론트엔드와 협업을 위해서는 cors 설정이 필요하다.
cors:
origin:
- <http://localhost:3000> // 프론트 로컬 서버
- <http://127.0.0.1:3000>
- <https://monthsub.netlify.app> // 프론트 배포 서버
allows: //엔드포인트
get:
- /assets/**
- /h2-console/**
- /v3/api-docs/**
- /swagger-monthsub.html
- /swagger-ui/**
# endpoint
- /health
- /main
- /series
- /series/sort
- /series/{id}
- /series/search/title
- /series/search/nickname
- /users/{id}/other
post:
- /users/login
- /users/signup
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.mvcMatchers(HttpMethod.GET, this.security.getAllows().getGet().toArray(String[]::new))
.permitAll()
.mvcMatchers(HttpMethod.POST, this.security.getAllows().getPost().toArray(String[]::new))
.permitAll()
.anyRequest().fullyAuthenticated()
.and()
.cors().configurationSource(corsConfigurationSource()) // cors 설정
.and()
... 생략
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
Arrays.stream(this.security.getCors().getOrigin())
.toList()
.forEach(configuration::addAllowedOrigin);
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
CORS Setting for Spring Security
@Configuration
public class WebConfig implements WebMvcConfigurer {
private final Security security;
public WebConfig(Security security) {
this.security = security;
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry
.addMapping("/**")
.allowedOrigins(this.security.getCors().getOrigin())
.allowedMethods("*");
}
}