From 47b5081839053b5308aff8d22594225e916a7ee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EA=B9=80=EC=9C=A8=ED=83=9C?= Date: Wed, 5 Feb 2025 17:50:07 +0900 Subject: [PATCH] =?UTF-8?q?PATCH=20Method=EC=9D=B8=20=EA=B2=BD=EC=9A=B0?= =?UTF-8?q?=EC=97=90=EB=8F=84=20url=EC=9D=84=20csrf=20=EC=97=90=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/controller/MockApiHandlerMapping.java | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/eactive/testmaster/api/controller/MockApiHandlerMapping.java b/src/main/java/com/eactive/testmaster/api/controller/MockApiHandlerMapping.java index 0edbb8a..c675e31 100644 --- a/src/main/java/com/eactive/testmaster/api/controller/MockApiHandlerMapping.java +++ b/src/main/java/com/eactive/testmaster/api/controller/MockApiHandlerMapping.java @@ -1,10 +1,12 @@ package com.eactive.testmaster.api.controller; -import com.eactive.testmaster.api.entity.MockRoute; -import com.eactive.testmaster.api.service.MockRouteService; -import com.eactive.testmaster.config.CsrfExclusionService; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -13,6 +15,10 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.mvc.method.RequestMappingInfo; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; +import com.eactive.testmaster.api.entity.MockRoute; +import com.eactive.testmaster.api.service.MockRouteService; +import com.eactive.testmaster.config.CsrfExclusionService; + @Component public class MockApiHandlerMapping { @@ -30,6 +36,9 @@ public class MockApiHandlerMapping { @Autowired private CsrfExclusionService csrfExclusionService; + /** PATCH 도 추가 */ + final Set csrfAllowedMethods = new HashSet<>(Arrays.asList("POST", "PUT", "PATCH")); + @PostConstruct public void initialize() { mockRouteService.initAllRoutes(); @@ -46,7 +55,8 @@ public class MockApiHandlerMapping { try { requestMappingHandlerMapping.registerMapping(mappingInfo, mockApiController, MockApiController.class.getDeclaredMethod("handleRequest", HttpServletRequest.class)); - if (mockRoute.getMethod().equalsIgnoreCase("POST") || mockRoute.getMethod().equalsIgnoreCase("PUT")) { + + if (csrfAllowedMethods.contains(mockRoute.getMethod().toUpperCase())) { csrfExclusionService.addExcludedPath(mockRoute.getPathPattern()); } logger.info("Registered mapping for {} {}", mockRoute.getMethod(), mockRoute.getPathPattern());