From 04bed42e3f669c393a4feddbdc7a2a3d641a007f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=ED=99=A9=ED=98=B8=EC=9C=A4?= <hoyoon9227@gmail.com>
Date: Fri, 15 Dec 2023 00:20:57 +0900
Subject: [PATCH] =?UTF-8?q?http://localhost:3000=20=EB=8F=84=EB=A9=94?=
 =?UTF-8?q?=EC=9D=B8=20=ED=97=88=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/config/WebSecurityConfig.java      | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/main/java/com/chwipoClova/common/config/WebSecurityConfig.java b/src/main/java/com/chwipoClova/common/config/WebSecurityConfig.java
index 1e93046..cc2431a 100644
--- a/src/main/java/com/chwipoClova/common/config/WebSecurityConfig.java
+++ b/src/main/java/com/chwipoClova/common/config/WebSecurityConfig.java
@@ -18,6 +18,12 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+
+import java.util.Arrays;
 
 @Configuration
 @EnableWebSecurity
@@ -62,4 +68,20 @@ public SecurityFilterChain securityFilterChain(final @NotNull  HttpSecurity http
         ;
         return http.build();
     }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.addAllowedOrigin("http://localhost:3000");
+        configuration.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowCredentials(true);
+        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Authorization-refresh", "Cache-Control", "Content-Type"));
+
+        /* 응답 헤더 설정 추가*/
+        configuration.setExposedHeaders(Arrays.asList("Authorization", "Authorization-refresh"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }