Merge pull request 'cors 설정 추가' (#38) from feat/dev_251201 into develop

Reviewed-on: https://kamco.gitea.gs.dabeeo.com/dabeeo/kamco-dabeeo-backoffice/pulls/38
2025-12-10 14:11:09 +09:00
parent 3472903c8b c34f2c49b4
commit 59516d705f
1 changed files with 30 additions and 25 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -6,6 +6,7 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -28,7 +29,9 @@ public class SecurityConfig {
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

-    http.csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
+    http
+      .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+      .csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
      .sessionManagement(
        sm ->
          sm.sessionCreationPolicy(
@@ -40,7 +43,9 @@ public class SecurityConfig {
        customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
      .authorizeHttpRequests(
        auth ->
-                auth.requestMatchers(
+          auth
+            .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // preflight 허용
+            .requestMatchers(
              "/api/auth/signin",
              "/api/auth/refresh",
              "/swagger-ui/**",