merge: develop <- feature/cors-setting

GoGetCustomer · Jan 23, 2025 · 960f702 · 960f702
2 parents 74bf63b + 69b3fe0
commit 960f702
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/.github/workflows/build-check.yml b/.github/workflows/build-check.yml
@@ -6,7 +6,7 @@ on:
       - "*"
 
 jobs:
-  build-docker-image:
+  build-test:
     runs-on: ubuntu-latest
 
     steps:

diff --git a/lms/src/main/java/com/example/lms/common/config/SecurityConfig.java b/lms/src/main/java/com/example/lms/common/config/SecurityConfig.java
@@ -25,6 +25,9 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.List;
 
@@ -41,6 +44,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http,
 												   @Qualifier("studentAuthenticationManager") AuthenticationManager studentAuthenticationManager,
 												   @Qualifier("instructorAuthenticationManager") AuthenticationManager instructorAuthenticationManager) throws Exception {
 		http
+			.cors(cors -> cors.configurationSource(corsConfigurationSource()))
 				.csrf(AbstractHttpConfigurer::disable)
 				.formLogin(AbstractHttpConfigurer::disable)
 				.httpBasic(AbstractHttpConfigurer::disable)
@@ -113,4 +117,24 @@ public BCryptPasswordEncoder bCryptPasswordEncoder() {
 			"/actuator/**",
 			"/v3/api-docs/**",
 	};
+
+	@Bean
+	public CorsConfigurationSource corsConfigurationSource() {
+		final CorsConfiguration configuration = new CorsConfiguration();
+		configuration.setAllowedOrigins(List.of("*"));
+		configuration.setAllowedMethods(List.of(ALLOWED_METHODS));
+		configuration.setAllowedHeaders(List.of(ALLOWED_HEADERS));
+		configuration.setAllowCredentials(false);
+
+		final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		source.registerCorsConfiguration("/**", configuration);
+		return source;
+	}
+
+
+	private final String[] ALLOWED_METHODS = {
+		"HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"
+	};
+
+	private final String[] ALLOWED_HEADERS = {"Authorization", "Cache-Control", "Content-Type"};
 }
diff --git a/lms/src/main/resources/application.yml b/lms/src/main/resources/application.yml
@@ -37,7 +37,7 @@ cloud:
       bucket: ${AWS_S3_BUCKET}
 
 server:
-  host: ${DEV_URL:http://localhost:8080}
+  host: ${DEV_URL:http://54.180.78.104:8080}
   port: 8080
 
 jwt:
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,7 @@ on: @@
           - "*"
     jobs:
-      build-docker-image:
+      build-test:
         runs-on: ubuntu-latest
         steps:
@@ Expand Down @@