CORS설정변경

2025-10-30 19:34:27 +09:00 · 2025-10-30 19:34:27 +09:00 · 6e7a9386f6
commit 6e7a9386f6
parent 047703fb89
1 changed files with 4 additions and 31 deletions
--- a/analytics-service/src/main/java/com/kt/event/analytics/config/SecurityConfig.java
+++ b/analytics-service/src/main/java/com/kt/event/analytics/config/SecurityConfig.java
@ -3,7 +3,6 @@ package com.kt.event.analytics.config;
 import com.kt.event.common.security.JwtAuthenticationFilter;
 import com.kt.event.common.security.JwtTokenProvider;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -12,15 +11,12 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import java.util.Arrays;

 /**
 * Spring Security 설정
 * JWT 기반 인증 및 API 보안 설정
+ *
+ * ⚠️ CORS 설정은 WebConfig에서 관리합니다.
 */
@Configuration
@EnableWebSecurity
@ -29,14 +25,11 @@ public class SecurityConfig {

    private final JwtTokenProvider jwtTokenProvider;

-    @Value("${cors.allowed-origins:http://localhost:*}")
-    private String allowedOrigins;
-
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
            .csrf(AbstractHttpConfigurer::disable)
-            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+            .cors(AbstractHttpConfigurer::disable)  // CORS는 WebConfig에서 관리
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .anyRequest().permitAll()
@ -46,25 +39,5 @@ public class SecurityConfig {
            .build();
    }

-    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-
-        String[] origins = allowedOrigins.split(",");
-        configuration.setAllowedOriginPatterns(Arrays.asList(origins));
-
-        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
-
-        configuration.setAllowedHeaders(Arrays.asList(
-            "Authorization", "Content-Type", "X-Requested-With", "Accept",
-            "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"
-        ));
-
-        configuration.setAllowCredentials(true);
-        configuration.setMaxAge(3600L);
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-        return source;
-    }
+    // CORS 설정은 WebConfig에서 관리 (모든 origin 허용)
 }