From 39d364a2a507ea328e1adeb1c3ff8799f5ec9473 Mon Sep 17 00:00:00 2001
From: drunkenhw
Date: Fri, 29 Sep 2023 12:15:09 +0900
Subject: [PATCH] =?UTF-8?q?chore:=20cors=20filter=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/com/carffeine/carffeine/web/CorsFilter.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java b/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
index 144b5f4fa..8a2b26836 100644
--- a/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
+++ b/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
@@ -13,7 +13,10 @@ public class CorsFilter extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
- response.setHeader("Access-Control-Allow-Origin", "*");
+ String origin = request.getHeader("origin");
+ if (origin.endsWith(".carffe.in")) {
+ response.setHeader("Access-Control-Allow-Origin", origin);
+ }
 response.setHeader("Access-Control-Allow-Credentials", "true");
 response.setHeader("Access-Control-Allow-Methods", "*");
 response.setHeader("Access-Control-Max-Age", "3600");
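Review bot: `origin.endsWith(".carffe.in")` is called on the result of `request.getHeader("origin")`, which is null for any request that carries no Origin header (same-origin navigation, health checks, server-to-server calls), so those requests fail with a NullPointerException inside the filter; guard it with `if (origin != null && origin.endsWith(".carffe.in")) {`. Because the reflected origin is paired with `Access-Control-Allow-Credentials: true`, the suffix match trusts every subdomain over any scheme, including `http://`; if only HTTPS front ends are intended, add `origin.startsWith("https://")` to the condition or compare against an explicit allowlist of origins. A response whose Allow-Origin value depends on the request should also carry `response.addHeader("Vary", "Origin");` so a shared cache does not serve one origin's header to another. doFilterInternal continues past the end of the hunk, so whether that header is set further down is not visible here.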