From 2e9a281e2f25311a94f9406b8d9b93cb867358c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=9B=90=EC=A7=80=EC=9C=A4?= Date: Wed, 6 May 2026 20:27:57 +0900 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20cors=20=ED=94=84=EB=A1=A0=ED=8A=B8?= =?UTF-8?q?=EC=97=94=EB=93=9C=20=EA=B0=9C=EB=B0=9C=20=EC=84=9C=EB=B2=84=20?= =?UTF-8?q?=EB=8F=84=EB=A9=94=EC=9D=B8=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/dnd/moddo/common/config/WebConfig.java | 2 +- src/main/resources/application.yml | 3 ++- src/test/java/com/dnd/moddo/global/util/ControllerTest.java | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/dnd/moddo/common/config/WebConfig.java b/src/main/java/com/dnd/moddo/common/config/WebConfig.java index a167020..5e8a0dc 100644 --- a/src/main/java/com/dnd/moddo/common/config/WebConfig.java +++ b/src/main/java/com/dnd/moddo/common/config/WebConfig.java @@ -20,7 +20,7 @@ public class WebConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") - .allowedOrigins(frontendProperties.corsAllowedOrigins().toArray(String[]::new)) + .allowedOriginPatterns(frontendProperties.corsAllowedOrigins().toArray(String[]::new)) .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS") .allowedHeaders("*") .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials") diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 81dc0dd..9bbec5f 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -44,6 +44,8 @@ cookie: frontend: cors-allowed-origins: - https://www.moddo.kr + - https://moddo-frontend.pages.dev + - https://*.moddo-frontend.pages.dev - http://localhost:3000 - http://localhost:4173 redirect-allowed-origins: @@ -74,4 +76,3 @@ spring: - diff --git a/src/test/java/com/dnd/moddo/global/util/ControllerTest.java b/src/test/java/com/dnd/moddo/global/util/ControllerTest.java index 63464ed..6650676 100644 --- a/src/test/java/com/dnd/moddo/global/util/ControllerTest.java +++ b/src/test/java/com/dnd/moddo/global/util/ControllerTest.java @@ -151,7 +151,8 @@ void setUpCookieProperties() { given(cookieProperties.sameSite()).willReturn("none"); given(cookieProperties.maxAge()).willReturn(Duration.ofDays(7)); given(frontendProperties.corsAllowedOrigins()).willReturn( - java.util.List.of("https://www.moddo.kr", "http://localhost:3000", "http://localhost:4173") + java.util.List.of("https://www.moddo.kr", "https://moddo-frontend.pages.dev", + "https://*.moddo-frontend.pages.dev", "http://localhost:3000", "http://localhost:4173") ); given(frontendProperties.redirectAllowedOrigins()).willReturn( java.util.List.of("http://localhost:3000", "https://moddo-frontend.pages.dev", "https://www.moddo.kr", From 91dbd21b6cb76da3af1d5d54f901f588b6d6e22f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=9B=90=EC=A7=80=EC=9C=A4?= Date: Wed, 6 May 2026 20:43:50 +0900 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20CORS=20=EC=99=80=EC=9D=BC=EB=93=9C?= =?UTF-8?q?=EC=B9=B4=EB=93=9C=20origin=EB=A7=8C=20allowedOriginPatterns?= =?UTF-8?q?=EB=A1=9C=20=EB=B6=84=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/dnd/moddo/common/config/WebConfig.java | 11 ++++++++++- .../com/dnd/moddo/global/util/ControllerTest.java | 3 +-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/dnd/moddo/common/config/WebConfig.java b/src/main/java/com/dnd/moddo/common/config/WebConfig.java index 5e8a0dc..65cd38e 100644 --- a/src/main/java/com/dnd/moddo/common/config/WebConfig.java +++ b/src/main/java/com/dnd/moddo/common/config/WebConfig.java @@ -19,8 +19,17 @@ public class WebConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { + List corsAllowedOrigins = frontendProperties.corsAllowedOrigins(); + String[] allowedOrigins = corsAllowedOrigins.stream() + .filter(origin -> !origin.contains("*")) + .toArray(String[]::new); + String[] allowedOriginPatterns = corsAllowedOrigins.stream() + .filter(origin -> origin.contains("*")) + .toArray(String[]::new); + registry.addMapping("/**") - .allowedOriginPatterns(frontendProperties.corsAllowedOrigins().toArray(String[]::new)) + .allowedOrigins(allowedOrigins) + .allowedOriginPatterns(allowedOriginPatterns) .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS") .allowedHeaders("*") .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials") diff --git a/src/test/java/com/dnd/moddo/global/util/ControllerTest.java b/src/test/java/com/dnd/moddo/global/util/ControllerTest.java index 6650676..63464ed 100644 --- a/src/test/java/com/dnd/moddo/global/util/ControllerTest.java +++ b/src/test/java/com/dnd/moddo/global/util/ControllerTest.java @@ -151,8 +151,7 @@ void setUpCookieProperties() { given(cookieProperties.sameSite()).willReturn("none"); given(cookieProperties.maxAge()).willReturn(Duration.ofDays(7)); given(frontendProperties.corsAllowedOrigins()).willReturn( - java.util.List.of("https://www.moddo.kr", "https://moddo-frontend.pages.dev", - "https://*.moddo-frontend.pages.dev", "http://localhost:3000", "http://localhost:4173") + java.util.List.of("https://www.moddo.kr", "http://localhost:3000", "http://localhost:4173") ); given(frontendProperties.redirectAllowedOrigins()).willReturn( java.util.List.of("http://localhost:3000", "https://moddo-frontend.pages.dev", "https://www.moddo.kr",