
Commit 06b9ae1

authored
fix: CSRF 토큰 비활성화 (#104)
1 parent eab315f commit 06b9ae1


1 file changed

+1
-7
lines changed

1 file changed

+1
-7
lines changed

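--- a/gotcha-auth/src/main/java/gotcha_auth/config/SecurityConfig.java
+++ b/gotcha-auth/src/main/java/gotcha_auth/config/SecurityConfig.java
@@ -17,8 +17,6 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
 import org.springframework.web.cors.CorsConfigurationSource;
 
 @Configuration
@@ -29,8 +27,6 @@ public class SecurityConfig {
 private final JwtExceptionFilter jwtExceptionFilter;
 private final CorsConfigurationSource corsConfigurationSource;
 private final CustomAccessDeniedHandler accessDeniedHandler;
-private final CookieCsrfTokenRepository csrfTokenRepository;
-private final CsrfTokenRequestAttributeHandler csrfTokenRequestAttributeHandler;
 
 @Bean
 PasswordEncoder passwordEncoder() {
@@ -41,9 +37,7 @@ PasswordEncoder passwordEncoder() {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 http
-.csrf(csrf -> csrf
-.csrfTokenRepository(csrfTokenRepository)
-.csrfTokenRequestHandler(csrfTokenRequestAttributeHandler))
+.csrf(AbstractHttpConfigurer::disable)
 .headers(headers -> headers
 .frameOptions(frameOptions -> frameOptions.disable()) // 여기 추가
 )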
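Review bot: `.csrf(AbstractHttpConfigurer::disable)` removes CSRF protection for every request in this chain, and nothing visible in the hunk shows that this is safe. It is safe only if the browser never sends a credential automatically; if the JWT or a refresh token is carried in a cookie, state-changing requests can be forged from another origin, and the `frameOptions.disable()` two lines below additionally removes the framing defence. If the tokens travel only in the `Authorization` header, record that on the line, e.g. `// CSRF off: stateless JWT in Authorization header, no auth cookies`; otherwise keep the removed repository and handler and exempt only the endpoints that failed, using `csrf.ignoringRequestMatchers(...)`. The body of `securityFilterChain` continues past the end of the hunk, so the session policy and filter order cannot be checked from here.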
