Merge remote-tracking branch 'origin/main'

# Conflicts:
#	src/main/java/kr/java/coditor/global/config/WebConfig.java

Author: Oysterbee

src/main/java/kr/java/coditor/domain/user/oauth2/OAuth2AuthenticationFailureHandler.java

@@ -24,7 +24,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
         String encodedErrorMessage = URLEncoder.encode(errorMessage, StandardCharsets.UTF_8);
 
         // 배포된 프론트엔드 로그인 페이지로 리다이렉트
-        String targetUrl = UriComponentsBuilder.fromUriString("https://www.coditor.xyz")
+        String targetUrl = UriComponentsBuilder.fromUriString("https://www.coditor.xyz/login")
                 .queryParam("error", encodedErrorMessage)
                 .build().toUriString();
 

src/main/java/kr/java/coditor/domain/user/oauth2/OAuth2AuthenticationSuccessHandler.java

@@ -60,8 +60,8 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 
         refreshTokenRepository.save(refreshToken);
 
-        // 배포된 프론트엔드 로그인 페이지로 리다이렉트
-        String targetUrl = UriComponentsBuilder.fromUriString("https://www.coditor.xyz")
+        // 배포된 프론트엔드 로그인 페이지로 리다이렉트 (경로 수정: /login 추가)
+        String targetUrl = UriComponentsBuilder.fromUriString("https://www.coditor.xyz/login")
                 .queryParam("accessToken", tokenResponseDto.getAccessToken())
                 .queryParam("refreshToken", tokenResponseDto.getRefreshToken())
 				.queryParam("nickname", user.getNickname())

src/main/java/kr/java/coditor/global/config/SecurityConfig.java

@@ -18,6 +18,12 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
@@ -41,6 +47,7 @@ public PasswordEncoder passwordEncoder() {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .csrf(AbstractHttpConfigurer::disable)
+            .cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
             .formLogin(AbstractHttpConfigurer::disable)
             .httpBasic(AbstractHttpConfigurer::disable)
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
@@ -67,4 +74,17 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         return http.build();
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(List.of("http://localhost:5173", "http://localhost:3000", "https://www.coditor.xyz"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }