ํ๋ก ํธ, ๋ฐฑ์๋ ์ฐ๊ฒฐํ ๋๋ง๋ค ์๋ฅผ ๋ง์ฃผํ๋ ๋ฏ ํ๋ค. (์ง๊ธ์ง๊ธ)
๋ฐฑ์๋์์ allowํด์ฃผ๋ ๊ฒ ๊ตญ๋ฃฐ์ด๋ผ, GPT๊ฐ ํ๋ผ๋ ๋๋ก ๋ฐฑ์๋๋ฅผ ์ด๊ฒ์ ๊ฒ ์์ ํด๋ดค์ง๋ง...
CORS ๊ฐ ์กํ๋ ๋ค๋ฅธ ์๋ฌ๊ฐ ํฐ์ง๋ ๋ฐ๋์.. ๊ฒฐ๊ตญ SOS๋ฅผ ์ณค๊ณ .. ์ฃผ์ ์์ค๋ก ์์ ํ๋๊น ๋จ!
// SecurtiyConfig.java
/**
 * Builds the Spring Security filter chain (excerpt: the listing stops after the csrf(...) call,
 * so the rest of the chain and the return statement are not shown).
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception declared by the signature; the throwing calls are outside this excerpt
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// withHttpOnlyFalse(): the CSRF token cookie is issued without the HttpOnly flag so that
// front-end JavaScript can read it and send it back in a request header.
CookieCsrfTokenRepository cookieCsrfTokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
// Name of the request header in which the client is expected to return the token.
cookieCsrfTokenRepository.setHeaderName("x-xsrf-token");
http
// Turns on CORS handling inside the security chain without naming a source. Per the Spring
// Security reference, the framework then looks for a CorsConfigurationSource bean and, if none
// exists and Spring MVC is on the classpath, falls back to the MVC CORS configuration.
.cors(cors -> {}) // added
.csrf(csrf -> csrf
.csrfTokenRepository(cookieCsrfTokenRepository)
// CustomCsrfTokenRequestHandler is project code not shown on this page.
// NOTE(review): confirm how it resolves and validates the token.
.csrfTokenRequestHandler(new CustomCsrfTokenRequestHandler())
)
// ServeltConfig.java 맨밑에 추가
/**
 * Registers the Spring MVC CORS policy applied to every request path.
 *
 * <p>The single allowed origin is the local front-end dev server. Because credentials
 * (cookies) are allowed, the origin list must stay an explicit allow-list.
 *
 * @param registry the MVC CORS registry to add the mapping to
 */
@Override
public void addCorsMappings(CorsRegistry registry) {
    var mapping = registry.addMapping("/**");
    // Hard-coded development origin; a deployed front end needs its own entry here.
    mapping.allowedOrigins("http://localhost:3000");
    mapping.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS");
    // Any request header is accepted on cross-origin calls.
    mapping.allowedHeaders("*");
    // Cookies (session and CSRF token) are sent on cross-origin requests.
    mapping.allowCredentials(true);
}
-> SpringBoot๋ก ๋ณ๊ฒฝ ํ ์ด ๋ฐฉ๋ฒ์ผ๋ก ์ ๋จ. (SpringBoot 3.2.5)
http.cors(cors -> {}) ๋ ์ค์ CorsConfigurationSource Bean์ ์๊ตฌ → ํ์ง๋ง WebMvcConfigurer#addCorsMappings๋ง ์ค์ ํ๊ณ , CorsConfigurationSource Bean์ ์ง์ ๋ฑ๋กํ์ง ์์ผ๋ฉด Spring Security๋ ์ด ์ค์ ์ ๋ฌด์ํฉ๋๋ค.
๊ทธ๋์ addCorsMappings() ์ค์ ์ Spring MVC์์๋ ๋์ํ์ง๋ง, Spring Security์์๋ http.cors()๊ฐ ํ์ฑํ๋๋ฉด์ ๋น ์ค์ ์ด ํ์ํด์ง.
GPT๋ ์ด๋ ๊ฒ ๋งํด์ค.
๊ทธ๋์,
// SecurtiyConfig.java
/**
 * Builds the CORS policy source that is registered for every request path.
 *
 * <p>Credentials are allowed, so the origin and header lists are explicit allow-lists
 * rather than wildcards. The only origin listed is the local front-end dev server.
 *
 * @return a URL-based source holding one policy mapped to all paths
 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration policy = new CorsConfiguration();

    // Cookies (session and CSRF token) may accompany cross-origin requests.
    policy.setAllowCredentials(true);
    // Hard-coded development origin; a deployed front end needs its own entry here.
    policy.setAllowedOrigins(List.of("http://localhost:3000"));
    // "x-xsrf-token" must be listed so the browser is allowed to send the CSRF header.
    policy.setAllowedHeaders(
            List.of("Content-Type", "Authorization", "X-Requested-With", "x-xsrf-token", "Accept"));
    policy.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));

    UrlBasedCorsConfigurationSource byPath = new UrlBasedCorsConfigurationSource();
    byPath.registerCorsConfiguration("/**", policy);
    return byPath;
}
/**
 * Builds the Spring Security filter chain, now passing the CORS policy source explicitly
 * (excerpt: the author elided the rest of the chain, marked by the placeholder line below).
 *
 * <p>Paths excluded through WebSecurityCustomizer#ignoring() never reach this chain, so
 * neither the CORS policy nor the CSRF protection configured here applies to them.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception declared by the signature; the throwing calls are in the elided part
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// withHttpOnlyFalse(): the CSRF token cookie is issued without the HttpOnly flag so that
// front-end JavaScript can read it and send it back in a request header.
CookieCsrfTokenRepository cookieCsrfTokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
// Name of the request header in which the client is expected to return the token.
cookieCsrfTokenRepository.setHeaderName("x-xsrf-token");
http
// Hands the security chain the source returned by corsConfigurationSource() instead of
// relying on Spring Security's default lookup.
.cors(cors -> cors.configurationSource(corsConfigurationSource())) // changed
.csrf(csrf -> csrf
.csrfTokenRepository(cookieCsrfTokenRepository)
// CustomCsrfTokenRequestHandler is project code not shown on this page.
// NOTE(review): confirm how it resolves and validates the token.
.csrfTokenRequestHandler(new CustomCsrfTokenRequestHandler())
)
// The placeholder below is the author's "omitted" marker for the rest of the chain.
<์๋ต>
}
이렇게까지 했는데, 안 되었다.
/**
 * Declares the request paths that Spring Security skips entirely.
 *
 * <p>An ignored path bypasses the whole security filter chain, so no CORS handling,
 * CSRF check or authentication runs for it. The list is therefore limited to static
 * assets and view resources.
 *
 * @return a customizer that registers the ignored path patterns
 */
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
    String[] ignoredPaths = {
        "/css/**",
        "/fonts/**",
        "/img/**",
        "/libs/**",
        "/app/**",
        "/views/**",
        // "/auth/login" is deliberately commented out: once ignored, the login request
        // skipped the security chain and with it the CORS policy.
        "/WEB-INF/**"
    };
    return webSecurity -> webSecurity.ignoring().requestMatchers(ignoredPaths);
}
web.ignoring()์ผ๋ก ์ค์ ๋ ๊ฒฝ๋ก๋ ์คํ๋ง ์ํ๋ฆฌํฐ์ ํํฐ ์ฒด์ธ(CORS ํํฐ ํฌํจ)์ ์์ ํ ์ฐํํฉ๋๋ค.
์ฆ, corsConfigurationSource()์์ ์ ์ํ CORS ์ ์ฑ ์ด /auth/login ๊ฒฝ๋ก์๋ ์ ์ฉ๋์ง ์์ต๋๋ค.
๊ทธ๋์ ์ฃผ์์ฒ๋ฆฌ๋ฅผ ํ๋ค! ๊ทธ๋ฌ๋๋ ๋๋ค~~!