Merge pull request 'fix(cors): wing.gc-si.dev CORS 허용 (application.yml + SecurityConfig)' (#13 ) from develop into main

Reviewed-on: #13
Merge pull request 'fix(cors): application.yml CORS 기본값에 wing.gc-si.dev 추가' (#12 ) from codex/wing-login into develop
2026-02-16 09:08:24 +09:00 · 2026-02-16 09:07:51 +09:00 · 2026-02-16 09:07:17 +09:00 · 2026-02-16 09:02:38 +09:00 · 2026-02-16 09:02:07 +09:00 · 2026-02-16 09:01:33 +09:00
--- a/src/main/java/com/gcsc/guide/config/SecurityConfig.java
+++ b/src/main/java/com/gcsc/guide/config/SecurityConfig.java
@ -29,7 +29,7 @@ public class SecurityConfig {
    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final ObjectMapper objectMapper;

-    @Value("${app.cors.allowed-origins:http://localhost:5173,https://guide.gc-si.dev}")
+    @Value("${app.cors.allowed-origins:http://localhost:5173,http://localhost:5175,http://127.0.0.1:5175,https://guide.gc-si.dev,https://wing.gc-si.dev}")
    private List<String> allowedOrigins;

    @Bean
@ -41,7 +41,8 @@ public class SecurityConfig {
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(
-                    "/api/auth/**",
+                    "/api/auth/google",
+                    "/api/auth/logout",
                    "/api/health",
                    "/actuator/health",
                    "/h2-console/**",
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -27,9 +27,15 @@ app:
    expiration-ms: ${JWT_EXPIRATION:86400000}  # 24시간
  google:
    client-id: ${GOOGLE_CLIENT_ID:}
-  allowed-email-domain: gcsc.co.kr
+    # Optional: allow multiple audiences (comma-separated) for shared auth across multiple frontends.
+    client-ids: ${GOOGLE_CLIENT_IDS:${GOOGLE_CLIENT_ID:}}
+  allowed-email-domain: ${ALLOWED_EMAIL_DOMAIN:gcsc.co.kr}
+  wing:
+    ais:
+      upstream-base: ${WING_AIS_UPSTREAM_BASE:http://211.208.115.83:8041}
+      timeout-ms: ${WING_AIS_TIMEOUT_MS:20000}
  cors:
-    allowed-origins: ${CORS_ORIGINS:http://localhost:5173,https://guide.gc-si.dev}
+    allowed-origins: ${CORS_ORIGINS:http://localhost:5173,http://localhost:5175,http://127.0.0.1:5175,https://guide.gc-si.dev,https://wing.gc-si.dev}

 # SpringDoc / Swagger
 springdoc:
작성자	SHA1	메시지	날짜
htlee	4c837b0ce4	Merge pull request 'fix(cors): wing.gc-si.dev CORS 허용 (application.yml + SecurityConfig)' (#13 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 13s Details Reviewed-on: #13	2026-02-16 09:08:24 +09:00
htlee	460f941a8b	Merge pull request 'fix(cors): application.yml CORS 기본값에 wing.gc-si.dev 추가' (#12 ) from codex/wing-login into develop	2026-02-16 09:07:51 +09:00
htlee	04f3de3890	fix(cors): application.yml CORS 기본값에 wing.gc-si.dev 추가 @Value 기본값보다 application.yml이 우선 적용되므로 application.yml에도 wing.gc-si.dev, localhost:5175 등 추가. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 09:07:17 +09:00
htlee	a5f58970a9	Merge pull request 'fix(cors): wing.gc-si.dev CORS 허용 + wing 관련 기능' (#11 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 17s Details Reviewed-on: #11	2026-02-16 09:02:38 +09:00
htlee	89b7936671	Merge pull request 'fix(cors): @Value 기본값에 wing.gc-si.dev 추가' (#10 ) from codex/wing-login into develop	2026-02-16 09:02:07 +09:00
htlee	3b70d8c33d	fix(cors): @Value 기본값에 wing.gc-si.dev 추가 application.yml의 CORS 설정과 동기화하여 프로덕션 환경에서 wing.gc-si.dev → guide.gc-si.dev 크로스오리진 요청 허용. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-16 09:01:33 +09:00
htlee	30f0b28460	Merge pull request 'fix(security): 인증 에러 401 응답 + permitAll 패턴 수정' (#9 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 17s Details Reviewed-on: #9	2026-02-14 22:06:45 +09:00
htlee	8e780413ce	fix(security): permitAll 패턴에서 /api/auth/me 제외 /api/auth/** 와일드카드가 /api/auth/me까지 공개하여 인증 없이 접근 시 NPE(500) 발생. /api/auth/google과 /api/auth/logout만 공개하도록 수정. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 22:01:17 +09:00
htlee	c0e33e11d7	Merge pull request 'fix(security): 인증 에러 401 응답 + CORS 헤더 누락 수정' (#8 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 17s Details Reviewed-on: #8	2026-02-14 21:55:11 +09:00
htlee	c295da16d1	Merge branch 'feature/admin-and-api' into develop	2026-02-14 21:54:26 +09:00
htlee	e92b0e15ef	Merge pull request 'develop' (#7 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 17s Details Reviewed-on: #7	2026-02-14 21:38:36 +09:00
htlee	1955165985	Merge pull request 'docs: Swagger/OpenAPI 문서 전체 구현' (#6 ) from feature/admin-and-api into develop Reviewed-on: #6	2026-02-14 21:36:51 +09:00
htlee	57b11774eb	Merge pull request 'develop' (#5 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 16s Details Reviewed-on: #5	2026-02-14 21:15:16 +09:00
htlee	487832675c	Merge pull request 'feat: 관리자/활동/이슈 API 전체 구현' (#4 ) from feature/admin-and-api into develop Reviewed-on: #4	2026-02-14 21:14:24 +09:00
htlee	3e918baf74	Merge pull request 'fix: CI/CD 워크플로우 checkout 에러 수정' (#3 ) from develop into main All checks were successful Build and Deploy API / build-and-deploy (push) Successful in 21s Details Reviewed-on: #3	2026-02-14 20:21:12 +09:00
htlee	acf18221ae	Merge pull request 'feat: CI/CD 자동 배포 워크플로우 추가' (#2 ) from develop into main Some checks failed Build and Deploy API / build-and-deploy (push) Failing after 21s Details Reviewed-on: #2	2026-02-14 20:15:38 +09:00