[HOTFIX] 쿠키 설정 방식 수정
ehs208 committed Jan 13, 2025
1 parent fcc9319 commit 125b11e
Showing 2 changed files with 24 additions and 31 deletions.
@@ -10,7 +10,6 @@
import com.example.eatmate.global.auth.jwt.JwtService;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
@@ -54,40 +53,33 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo

// 쿠키 설정 메소드 생성
private void setTokensInCookie(HttpServletResponse response, String accessToken, String refreshToken) {

// Access Token 쿠키 설정
Cookie accessTokenCookie = new Cookie("AccessToken", accessToken);
accessTokenCookie.setHttpOnly(COOKIE_HTTP_ONLY);
accessTokenCookie.setSecure(COOKIE_SECURE);
accessTokenCookie.setPath(COOKIE_PATH);
accessTokenCookie.setMaxAge(ACCESS_TOKEN_MAX_AGE);

// Refresh Token 쿠키 설정 (필요 시)
Cookie refreshTokenCookie = null;
if (refreshToken != null) {
refreshTokenCookie = new Cookie("RefreshToken", refreshToken);
refreshTokenCookie.setHttpOnly(COOKIE_HTTP_ONLY);
refreshTokenCookie.setSecure(COOKIE_SECURE);
refreshTokenCookie.setPath(COOKIE_PATH);
refreshTokenCookie.setMaxAge(REFRESH_TOKEN_MAX_AGE);
}
String accessTokenCookieString = String.format("AccessToken=%s; " +
"Path=%s; " +
"Max-Age=%d; " +
"HttpOnly; " +
"Secure; " +
"SameSite=None",
accessToken,
COOKIE_PATH,
ACCESS_TOKEN_MAX_AGE);

// SameSite 설정
response.addHeader("Set-Cookie", "AccessToken=" + accessToken +
"; HttpOnly; Secure=" + COOKIE_SECURE + "; SameSite=None; Path=" + COOKIE_PATH + "; Max-Age="
+ ACCESS_TOKEN_MAX_AGE);
response.addHeader("Set-Cookie", accessTokenCookieString);

// Refresh Token 쿠키 설정
if (refreshToken != null) {
response.addHeader("Set-Cookie", "RefreshToken=" + refreshToken +
"; HttpOnly; Secure=" + COOKIE_SECURE + "; SameSite=None; Path=" + COOKIE_PATH + "; Max-Age="
+ REFRESH_TOKEN_MAX_AGE);
}
// 응답에 쿠키 추가
response.addCookie(accessTokenCookie);
if (refreshTokenCookie != null) {
response.addCookie(refreshTokenCookie);
}
String refreshTokenCookieString = String.format("RefreshToken=%s; " +
"Path=%s; " +
"Max-Age=%d; " +
"HttpOnly; " +
"Secure; " +
"SameSite=None",
refreshToken,
COOKIE_PATH,
REFRESH_TOKEN_MAX_AGE);

response.addHeader("Set-Cookie", refreshTokenCookieString);
}
}

// 로그용 (삭제해도 ok)
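Review bot: Both token cookies in `setTokensInCookie` are now emitted with a hard-coded `SameSite=None`, so browsers will attach the access and refresh tokens to requests initiated from any other site; nothing in this hunk shows a CSRF defence for cookie-authenticated endpoints, so that should be confirmed and the reason for `None` (presumably the frontend is served from a different site) recorded in a comment above the format string. Assembling the `Set-Cookie` value with `String.format` also skips the name/value validation a cookie builder applies; since this is a Spring handler, `ResponseCookie.from("AccessToken", accessToken).httpOnly(true).secure(true).sameSite("None").path(COOKIE_PATH).maxAge(ACCESS_TOKEN_MAX_AGE).build()` followed by `response.addHeader("Set-Cookie", cookie.toString())` produces the same header without manual string assembly. The refresh token shares `COOKIE_PATH` with the access token; if that constant is the site root (its value is not visible here), the refresh token travels on every request and could instead be scoped to the refresh endpoint. The enclosing class starts before this hunk and continues after it.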
@@ -75,9 +75,10 @@ public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();

configuration.setAllowedOrigins(Arrays.asList(
"http://localhost:3000",
"http://localhost:3000/",
"https://develop.d4u0qurydeei4.amplifyapp.com"
));
configuration.addAllowedOriginPattern("*");
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization", "Cookie"));
configuration.setExposedHeaders(
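Review bot: The added `configuration.addAllowedOriginPattern("*");` matches every origin, which makes the explicit list passed to `setAllowedOrigins` just above it meaningless. Unlike a literal `*` in the allowed origins, Spring accepts an origin pattern together with credentials and echoes the caller's origin back, so if `setAllowCredentials(true)` is set further down (the method continues past this hunk) any website can issue credentialed requests to this API and read the responses; combined with the `SameSite=None` token cookies set by the success handler in this same commit, that would include authenticated calls. I would drop that line and keep the explicit origins, or replace `*` with a pattern restricted to the project's own frontend hosts. The trailing slash in `"http://localhost:3000/"` also deserves a check: browsers send the `Origin` header without one, so depending on the Spring version this entry may no longer match.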