themoment-team · hajeu · Oct 30, 2023 · Oct 30, 2023 · SungGil-5125 · Oct 30, 2023
diff --git a/src/main/kotlin/team/themoment/gsmNetworking/global/security/SecurityConfig.kt b/src/main/kotlin/team/themoment/gsmNetworking/global/security/SecurityConfig.kt
@@ -9,6 +9,9 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler
+import org.springframework.web.cors.CorsConfiguration
+import org.springframework.web.cors.CorsConfigurationSource
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 import team.themoment.gsmNetworking.domain.auth.domain.Authority
 import team.themoment.gsmNetworking.global.filter.ExceptionHandlerFilter
 import team.themoment.gsmNetworking.global.filter.TokenRequestFilter
@@ -34,6 +37,8 @@ class SecurityConfig(
             .formLogin().disable()
             .httpBasic().disable()
             .csrf().disable()
+            .cors().configurationSource(corsConfigurationSource())
+            .and()
             .apply(FilterConfig(tokenRequestFilter, exceptionHandlerFilter))
         logout(http)
         oauth2Login(http)
@@ -75,4 +80,17 @@ class SecurityConfig(
             .deleteCookies(JwtProperties.ACCESS, JwtProperties.REFRESH)
     }
 
+    @Bean
+    fun corsConfigurationSource(): CorsConfigurationSource {
+        val configuration = CorsConfiguration()
+        val source = UrlBasedCorsConfigurationSource()
+        configuration.allowedOrigins = listOf("*")
+        configuration.setAllowedMethods(
+            mutableListOf("GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS")
+        )
+        configuration.allowedHeaders = mutableListOf("*")
+        configuration.allowCredentials = true
+        source.registerCorsConfiguration("/**", configuration)
+        return source
+    }
 }