feat: add frontend dev server domain to CORS #44

Merged
sudhdkso merged 2 commits into develop from fix/login
May 6, 2026

@sudhdkso sudhdkso commented May 6, 2026

#️⃣ Related issue

X

🔀 Target branch

fix/login -> develop

🔧 Changes

  • Added https://moddo-frontend.pages.dev to the list of allowed CORS origins.
  • Added https://*.moddo-frontend.pages.dev to cover Cloudflare Pages preview domains.
  • Switched the Spring CORS configuration to allowedOriginPatterns so that the wildcard origin works.
  • Aligned the CORS mock list in the shared controller test setup with the actual configuration.

💬 Review requests (optional)

X

Checklist

  • Test code included
  • Unnecessary logs removed
  • Exception handling covered

Verification: ./gradlew compileJava

Summary by CodeRabbit

Release notes

  • Chores

    • Updated the CORS configuration to pattern-based matching.
    • Added the new frontend domain (moddo-frontend.pages.dev and related subdomains) to the CORS allowlist.
  • Tests

    • Expanded test coverage for the new origins.


coderabbitai Bot commented May 6, 2026

Warning

Rate limit exceeded

@sudhdkso has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 45 minutes and 51 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2f66a167-a0b0-4c86-9b85-1e5f7e91d8d1

📥 Commits

Reviewing files that changed from the base of the PR and between 2e9a281 and 91dbd21.

📒 Files selected for processing (1)
  • src/main/java/com/dnd/moddo/common/config/WebConfig.java

Walkthrough

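The CORS configuration was changed from exact origin matching to pattern-based matching. Two new origin patterns were added to the application configuration, allowedOrigins() was replaced with allowedOriginPatterns() in the web configuration, and the tests were synchronized.

Changes

Switch to pattern-based CORS origin matching

| Layer / File(s) | Summary |
|---|---|
| Configuration and data additions: src/main/resources/application.yml | Added two new origin patterns, moddo-frontend.pages.dev and *.moddo-frontend.pages.dev, to frontend.cors-allowed-origins |
| Core implementation: src/main/java/com/dnd/moddo/common/config/WebConfig.java | Changed the CORS registration from allowedOrigins() to allowedOriginPatterns() to use pattern-based origin matching |
| Test synchronization: src/test/java/com/dnd/moddo/global/util/ControllerTest.java | Added the two new origins to the corsAllowedOrigins set in the setUpCookieProperties() method |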

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested Reviewers

  • choyeseol

Poem

🐰 Drawing patterns with a wildcard,
spreading origin restrictions out flexibly,
aligning everything from config to code,
the boundaries of CORS are redefined! 🌐✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title matches the core of the change. The title clearly describes adding the frontend dev server domain to the CORS configuration. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
src/main/resources/application.yml (1)

44-50: 💤 Low value

Confirm the scope of the https://*.moddo-frontend.pages.dev wildcard

Spring's allowedOriginPatterns supports flexible pattern matching that allows * anywhere in the hostname. Internally, * is converted to the regex .*, so https://*.moddo-frontend.pages.dev also allows multi-level subdomains such as https://branch.pr.moddo-frontend.pages.dev.

Given the Cloudflare Pages preview URL format (<branch>.moddo-frontend.pages.dev), the current setting matches the intent, but it is worth keeping the team aware of this in case subdomains are ever issued outside that Cloudflare Pages project (for example, through DNS delegation).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/main/resources/application.yml` around lines 44 - 50, Current wildcard
entry frontend.cors-allowed-origins: "https://*.moddo-frontend.pages.dev" allows
multi-level subdomains because Spring converts * to .*; verify whether you
intend to permit multi-level subdomains (e.g.,
branch.pr.moddo-frontend.pages.dev) or only single-level preview branches, and
then either keep the entry as-is or tighten it by replacing the pattern with a
more restrictive allowedOriginPatterns value that matches only single-level
subdomains (for example a pattern matching one label before
.moddo-frontend.pages.dev). Ensure changes are applied to the
frontend.cors-allowed-origins configuration.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4ba8c8d1-57f4-4c05-b8de-0ccf6ede969a

📥 Commits

Reviewing files that changed from the base of the PR and between 453cf3b and 2e9a281.

📒 Files selected for processing (3)
  • src/main/java/com/dnd/moddo/common/config/WebConfig.java
  • src/main/resources/application.yml
  • src/test/java/com/dnd/moddo/global/util/ControllerTest.java
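
An added example (not code from this repository or from CodeRabbit) of the wildcard scope described in the review comment above: it runs the PR's two patterns through Spring's own CorsConfiguration.checkOrigin and compares the result with a hypothetical one-label variant. It assumes spring-web 5.3 or later on the classpath; the class names, the single-label regex and the sample origins are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;
import org.springframework.web.cors.CorsConfiguration;

public class OriginPatternCheck {

    // Assumption: a preview host is exactly one DNS label before the project domain.
    private static final Pattern SINGLE_LABEL_PREVIEW =
            Pattern.compile("^https://[a-z0-9-]+\\.moddo-frontend\\.pages\\.dev$");

    /** Hypothetical stricter variant: Spring's pattern match plus a one-label limit. */
    static class SingleLabelCorsConfiguration extends CorsConfiguration {
        @Override
        public String checkOrigin(String origin) {
            String allowed = super.checkOrigin(origin);
            if (allowed == null || "https://moddo-frontend.pages.dev".equals(origin)) {
                return allowed; // rejected already, or the exact project origin
            }
            return SINGLE_LABEL_PREVIEW.matcher(origin).matches() ? allowed : null;
        }
    }

    public static void main(String[] args) {
        // The two patterns this PR adds to frontend.cors-allowed-origins.
        List<String> patterns = List.of(
                "https://moddo-frontend.pages.dev",
                "https://*.moddo-frontend.pages.dev");

        CorsConfiguration merged = new CorsConfiguration();
        merged.setAllowedOriginPatterns(patterns);
        CorsConfiguration strict = new SingleLabelCorsConfiguration();
        strict.setAllowedOriginPatterns(patterns);

        // Constructed sample Origin header values, not taken from real traffic.
        List<String> origins = List.of(
                "https://moddo-frontend.pages.dev",
                "https://feature-login.moddo-frontend.pages.dev",
                "https://branch.pr.moddo-frontend.pages.dev",
                "https://moddo-frontend.pages.dev.example.test",
                "http://feature-login.moddo-frontend.pages.dev");

        for (String origin : origins) {
            // checkOrigin returns the origin to echo back, or null when it is not allowed.
            System.out.printf("%-48s merged=%-5b strict=%b%n", origin,
                    merged.checkOrigin(origin) != null,
                    strict.checkOrigin(origin) != null);
        }
    }
}
```

The origin https://branch.pr.moddo-frontend.pages.dev is the case the review comment describes: the merged patterns accept it and the one-label variant rejects it.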


github-actions Bot commented May 6, 2026

📝 Here is the test coverage report!

There is no coverage information present for the Files changed

Total Project Coverage 70.43%

@sudhdkso sudhdkso merged commit 6bd3e3f into develop May 6, 2026
3 checks passed