src/main/java/com/gcsc/guide/config/SecurityConfig.java

@@ -29,7 +29,7 @@ public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final ObjectMapper objectMapper;
 
-    @Value("${app.cors.allowed-origins:http://localhost:5173,http://localhost:5175,http://127.0.0.1:5175,https://guide.gc-si.dev,https://wing.gc-si.dev}")
+    @Value("${app.cors.allowed-origins:http://localhost:5173,https://guide.gc-si.dev}")
     private List<String> allowedOrigins;
 
     @Bean
@@ -41,8 +41,7 @@ public class SecurityConfig {
                 session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers(
-                    "/api/auth/google",
-                    "/api/auth/logout",
+                    "/api/auth/**",
                     "/api/health",
                     "/actuator/health",
                     "/h2-console/**",

src/main/resources/application.yml

@@ -27,15 +27,9 @@ app:
     expiration-ms: ${JWT_EXPIRATION:86400000}  # 24시간
   google:
     client-id: ${GOOGLE_CLIENT_ID:}
-    # Optional: allow multiple audiences (comma-separated) for shared auth across multiple frontends.
-    client-ids: ${GOOGLE_CLIENT_IDS:${GOOGLE_CLIENT_ID:}}
-  allowed-email-domain: ${ALLOWED_EMAIL_DOMAIN:gcsc.co.kr}
-  wing:
-    ais:
-      upstream-base: ${WING_AIS_UPSTREAM_BASE:http://211.208.115.83:8041}
-      timeout-ms: ${WING_AIS_TIMEOUT_MS:20000}
+  allowed-email-domain: gcsc.co.kr
   cors:
-    allowed-origins: ${CORS_ORIGINS:http://localhost:5173,http://localhost:5175,http://127.0.0.1:5175,https://guide.gc-si.dev,https://wing.gc-si.dev}
+    allowed-origins: ${CORS_ORIGINS:http://localhost:5173,https://guide.gc-si.dev}
 
 # SpringDoc / Swagger
 springdoc: