From a844fd44cc68448330ffc7422dc168ffbbef298c Mon Sep 17 00:00:00 2001
From: joungmin <joungmin@joungmins-Mac-mini.local>
Date: Mon, 9 Mar 2026 20:30:54 +0900
Subject: [PATCH] Fix CORS: allow tasteby.net origin and integrate with Spring
 Security

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../com/tasteby/config/SecurityConfig.java    |  1 +
 .../java/com/tasteby/config/WebConfig.java    | 26 +++++++++++++------
 .../src/main/resources/application.yml        |  2 +-
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/backend-java/src/main/java/com/tasteby/config/SecurityConfig.java b/backend-java/src/main/java/com/tasteby/config/SecurityConfig.java
index 168667f..10c2eaa 100644
--- a/backend-java/src/main/java/com/tasteby/config/SecurityConfig.java
+++ b/backend-java/src/main/java/com/tasteby/config/SecurityConfig.java
@@ -24,6 +24,7 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+            .cors(cors -> {})
             .csrf(AbstractHttpConfigurer::disable)
             .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
diff --git a/backend-java/src/main/java/com/tasteby/config/WebConfig.java b/backend-java/src/main/java/com/tasteby/config/WebConfig.java
index cc0a923..dd8a53c 100644
--- a/backend-java/src/main/java/com/tasteby/config/WebConfig.java
+++ b/backend-java/src/main/java/com/tasteby/config/WebConfig.java
@@ -1,22 +1,32 @@
 package com.tasteby.config;
 
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import java.util.Arrays;
+import java.util.List;
+
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 
     @Value("${app.cors.allowed-origins}")
     private String allowedOrigins;
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/api/**")
-                .allowedOrigins(allowedOrigins.split(","))
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*")
-                .allowCredentials(true);
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
+        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        config.setAllowedHeaders(List.of("*"));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/api/**", config);
+        return source;
     }
 }
diff --git a/backend-java/src/main/resources/application.yml b/backend-java/src/main/resources/application.yml
index 23f083d..eb5d291 100644
--- a/backend-java/src/main/resources/application.yml
+++ b/backend-java/src/main/resources/application.yml
@@ -38,7 +38,7 @@ app:
     expiration-days: 7
 
   cors:
-    allowed-origins: http://localhost:3000,http://localhost:3001
+    allowed-origins: http://localhost:3000,http://localhost:3001,https://www.tasteby.net,https://tasteby.net
 
   oracle:
     wallet-path: ${ORACLE_WALLET:}