From 8ff156b5dc1d9a4c63cdcd4186548a7e5b81c732 Mon Sep 17 00:00:00 2001
From: Jihun Kim
Date: Wed, 27 Aug 2025 21:24:05 +0900
Subject: [PATCH] =?UTF-8?q?bug:=20=EC=9B=A8=EC=9D=B4=ED=8C=85=20=EB=93=B1?= =?UTF-8?q?=EB=A1=9D=20cors=20=EB=B2=84=EA=B7=B8=20=EC=9E=84=EC=8B=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../config/security/SecurityConfig.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
index 909fac3c..17ab83f4 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
@@ -12,7 +12,6 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.cors.CorsConfigurationSource;

 import com.nowait.applicationuser.oauth.oauth2.CustomOAuth2UserService;
@@ -38,12 +37,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .cors(cors -> cors.configurationSource(corsConfigurationSource))
 // CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)
- .csrf(csrf -> csrf
- .ignoringRequestMatchers(
- "/api/**", "/login/**", "/oauth2/**",
- "/swagger-ui/**", "/v3/api-docs/**", "/orders/**")
- .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
- )
+ // .csrf(csrf -> csrf
+ // .ignoringRequestMatchers(
+ // "/api/**", "/login/**", "/oauth2/**",
+ // "/swagger-ui/**", "/v3/api-docs/**", "/orders/**")
+ // .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+ // )
+ .csrf(AbstractHttpConfigurer::disable)
 // 시큐리티 폼 로그인 비활성화
 .formLogin(AbstractHttpConfigurer::disable)
 // HTTP Basic 인증 비활성화
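Review bot: `.csrf(AbstractHttpConfigurer::disable)` turns CSRF protection off for every route, where the removed configuration exempted only the listed path patterns, and the commit title presents this as a temporary fix for a CORS error on waiting registration. A 403 from the CSRF filter on a state-changing request outside the exempt list shows up in the browser as a failed cross-origin call, so the narrower fix is probably to keep the matcher-based block and add the missing route, e.g. `"<waiting-registration-path>/**"` (placeholder; the real path is not visible here). Disabling CSRF globally is sound only if no endpoint authenticates from a cookie; the OAuth2 login wiring imported in this file makes that worth confirming, since a session or token cookie would leave those requests forgeable from another site. If the global disable stays for now, replace the six commented-out lines with one comment such as `// TEMP: CSRF disabled globally for the waiting-registration fix; valid only while tokens are sent in the Authorization header, never in cookies`, because the commented block can no longer be restored as-is once the `CookieCsrfTokenRepository` import is removed. The `filterChain` body begins and ends outside this hunk.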