From 879504ea8ed4d63e389ee4128e29474c47feb6a7 Mon Sep 17 00:00:00 2001
From: chpark <chpark@wace.me>
Date: Thu, 25 Sep 2025 16:48:28 +0900
Subject: [PATCH] =?UTF-8?q?cors=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server.js | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index a588ad0..bd5400d 100644
--- a/server.js
+++ b/server.js
@@ -18,10 +18,28 @@ const app = express();
 const PORT = 5577;
 
 // 미들웨어 설정
-app.use(cors());
+app.use(cors({
+    origin: function (origin, callback) {
+        // 모든 origin 허용 (개발/운영 환경 모두)
+        callback(null, true);
+    },
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key', 'X-Requested-With'],
+    exposedHeaders: ['Content-Length', 'X-Foo', 'X-Bar']
+}));
 app.use(bodyParser.json({ limit: '50mb' }));
 app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
 
+// OPTIONS 요청 처리 (CORS preflight)
+app.options('*', (req, res) => {
+    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, X-Requested-With');
+    res.header('Access-Control-Allow-Credentials', 'true');
+    res.sendStatus(200);
+});
+
 // 정적 파일 서빙 (개발 환경에서 캐시 비활성화)
 app.use(express.static(path.join(__dirname, 'public'), {
     etag: false,