fix(infra): resolve CORS error and Nginx 502 Bad Gateway

- Update Hydra and Kratos CORS config to specify allowed origins explicitly instead of using wildcard with allow_credentials: true
- Fix Nginx upstream resolution for Oathkeeper to use correct container hostname (ory_oathkeeper)

docker/ory/hydra/hydra.yml

@@ -7,7 +7,15 @@ serve:
         cors:
             enabled: true
             allowed_origins:
-                - "*"
+                - http://localhost:5173
+                - http://localhost:5174
+                - http://localhost:5175
+                - http://localhost:5000
+                - https://ssologin.hmac.kr
+                - https://sso-test.hmac.kr
+                - https://app.brsw.kr
+                - https://sss.hmac.kr
+                - https://sso.hmac.kr
             allowed_methods:
                 - POST
                 - GET
@@ -37,7 +45,15 @@ serve:
         cors:
             enabled: true
             allowed_origins:
-                - "*"
+                - http://localhost:5173
+                - http://localhost:5174
+                - http://localhost:5175
+                - http://localhost:5000
+                - https://ssologin.hmac.kr
+                - https://sso-test.hmac.kr
+                - https://app.brsw.kr
+                - https://sss.hmac.kr
+                - https://sso.hmac.kr
             allowed_methods:
                 - POST
                 - GET

docker/ory/kratos/kratos.yml

@@ -8,8 +8,17 @@ serve:
         cors:
             enabled: true
             allowed_origins:
+                - http://localhost:5173
+                - http://localhost:5174
+                - http://localhost:5175
+                - http://localhost:5000
                 - http://backend:3000
                 - http://baron_backend:3000
+                - https://ssologin.hmac.kr
+                - https://sso-test.hmac.kr
+                - https://app.brsw.kr
+                - https://sss.hmac.kr
+                - https://sso.hmac.kr
     admin:
         base_url: http://localhost:4434/
 

docker/ory/oathkeeper/rules.active.json

@@ -156,4 +156,4 @@
     "authorizer": { "handler": "allow" },
     "mutators": [{ "handler": "noop" }]
   }
-]
+]

gateway/nginx.conf

@@ -31,7 +31,7 @@ server {
     resolver 127.0.0.11 valid=10s ipv6=off;
     set $backend_upstream http://baron_backend:3000;
     set $userfront_upstream http://baron_userfront:5000;
-    set $oathkeeper_upstream http://oathkeeper:4455;
+    set $oathkeeper_upstream http://ory_oathkeeper:4455;
 
     error_log /dev/stderr warn;
     access_log /var/log/nginx/access.log json_combined;