From 8f9ef92dbaa86a77213e7c67b87a107b8fa623d3 Mon Sep 17 00:00:00 2001
From: chpark <chpark@wace.me>
Date: Thu, 25 Sep 2025 16:52:58 +0900
Subject: [PATCH] =?UTF-8?q?cors=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server.js | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/server.js b/server.js
index bd5400d..7ac4a17 100644
--- a/server.js
+++ b/server.js
@@ -19,10 +19,12 @@ const PORT = 5577;
 
 // 미들웨어 설정
 app.use(cors({
-    origin: function (origin, callback) {
-        // 모든 origin 허용 (개발/운영 환경 모두)
-        callback(null, true);
-    },
+    origin: [
+        'http://localhost:5577',
+        'http://127.0.0.1:5577',
+        'http://39.117.244.52:5577',
+        'https://39.117.244.52:5577'
+    ],
     credentials: true,
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
     allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key', 'X-Requested-With'],
@@ -33,7 +35,20 @@ app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
 
 // OPTIONS 요청 처리 (CORS preflight)
 app.options('*', (req, res) => {
-    res.header('Access-Control-Allow-Origin', '*');
+    const origin = req.headers.origin;
+    const allowedOrigins = [
+        'http://localhost:5577',
+        'http://127.0.0.1:5577', 
+        'http://39.117.244.52:5577',
+        'https://39.117.244.52:5577'
+    ];
+    
+    if (allowedOrigins.includes(origin)) {
+        res.header('Access-Control-Allow-Origin', origin);
+    } else {
+        res.header('Access-Control-Allow-Origin', 'http://39.117.244.52:5577');
+    }
+    
     res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, X-Requested-With');
     res.header('Access-Control-Allow-Credentials', 'true');