From 29285d85767309d9dc8384ca73a3a0c03769eff5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=B0=95=EC=84=B8=EC=9B=90?= <tpdnjs1825@naver.com>
Date: Thu, 30 Oct 2025 17:04:11 +0900
Subject: [PATCH] =?UTF-8?q?AI=20Service=20CORS=20=EC=84=A4=EC=A0=95=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80=EB=A1=9C=20Swagger=20UI=20=ED=85=8C=EC=8A=A4?=
 =?UTF-8?q?=ED=8A=B8=20=EC=A7=80=EC=9B=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- SecurityConfig에 CORS 설정 추가
- 모든 Origin 허용 (AllowedOriginPatterns: *)
- 모든 HTTP Method 허용 (GET, POST, PUT, DELETE, OPTIONS, PATCH)
- 모든 Header 허용
- Credentials 지원
- Swagger UI에서 API 테스트 시 CORS 에러 해결

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../java/com/kt/ai/config/SecurityConfig.java | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java b/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
index 298aebf..dd39aca 100644
--- a/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
+++ b/ai-service/src/main/java/com/kt/ai/config/SecurityConfig.java
@@ -34,6 +34,9 @@ public class SecurityConfig {
                 // CSRF 비활성화 (REST API는 CSRF 불필요)
                 .csrf(AbstractHttpConfigurer::disable)
 
+                // CORS 설정
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+
                 // 세션 사용 안 함 (JWT 기반 인증)
                 .sessionManagement(session ->
                         session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -47,6 +50,26 @@ public class SecurityConfig {
         return http.build();
     }
 
+    /**
+     * CORS 설정
+     * - 모든 Origin 허용 (Swagger UI 테스트를 위해)
+     * - 모든 HTTP Method 허용
+     * - 모든 Header 허용
+     */
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOriginPatterns(List.of("*")); // 모든 Origin 허용
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
     /**
      * Chrome DevTools 요청 등 정적 리소스 요청을 Spring Security에서 제외
      */