From 125b11ec86cbd7d24b6ba03fb2892f23db45b53b Mon Sep 17 00:00:00 2001
From: EunHyunsu
Date: Mon, 13 Jan 2025 22:38:51 +0900
Subject: [PATCH] =?UTF-8?q?[HOTFIX]=20=EC=BF=A0=ED=82=A4=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95=20=EB=B0=A9=EC=8B=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../login/oauth/OAuthLoginSuccessHandler.java | 52 ++++++++-----------
 .../eatmate/global/config/SecurityConfig.java | 3 +-
 2 files changed, 24 insertions(+), 31 deletions(-)
diff --git a/src/main/java/com/example/eatmate/global/auth/login/oauth/OAuthLoginSuccessHandler.java b/src/main/java/com/example/eatmate/global/auth/login/oauth/OAuthLoginSuccessHandler.java
index 6cad806..98e93ca 100644
--- a/src/main/java/com/example/eatmate/global/auth/login/oauth/OAuthLoginSuccessHandler.java
+++ b/src/main/java/com/example/eatmate/global/auth/login/oauth/OAuthLoginSuccessHandler.java
@@ -10,7 +10,6 @@ import com.example.eatmate.global.auth.jwt.JwtService;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
@@ -54,40 +53,33 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 // 쿠키 설정 메소드 생성
 private void setTokensInCookie(HttpServletResponse response, String accessToken, String refreshToken) {
- // Access Token 쿠키 설정
- Cookie accessTokenCookie = new Cookie("AccessToken", accessToken);
- accessTokenCookie.setHttpOnly(COOKIE_HTTP_ONLY);
- accessTokenCookie.setSecure(COOKIE_SECURE);
- accessTokenCookie.setPath(COOKIE_PATH);
- accessTokenCookie.setMaxAge(ACCESS_TOKEN_MAX_AGE);
-
- // Refresh Token 쿠키 설정 (필요 시)
- Cookie refreshTokenCookie = null;
- if (refreshToken != null) {
- refreshTokenCookie = new Cookie("RefreshToken", refreshToken);
- refreshTokenCookie.setHttpOnly(COOKIE_HTTP_ONLY);
- refreshTokenCookie.setSecure(COOKIE_SECURE);
- refreshTokenCookie.setPath(COOKIE_PATH);
- refreshTokenCookie.setMaxAge(REFRESH_TOKEN_MAX_AGE);
- }
+ String accessTokenCookieString = String.format("AccessToken=%s; " +
+ "Path=%s; " +
+ "Max-Age=%d; " +
+ "HttpOnly; " +
+ "Secure; " +
+ "SameSite=None",
+ accessToken,
+ COOKIE_PATH,
+ ACCESS_TOKEN_MAX_AGE);
- // SameSite 설정
- response.addHeader("Set-Cookie", "AccessToken=" + accessToken +
- "; HttpOnly; Secure=" + COOKIE_SECURE + "; SameSite=None; Path=" + COOKIE_PATH + "; Max-Age="
- + ACCESS_TOKEN_MAX_AGE);
+ response.addHeader("Set-Cookie", accessTokenCookieString);
+ // Refresh Token 쿠키 설정
 if (refreshToken != null) {
- response.addHeader("Set-Cookie", "RefreshToken=" + refreshToken +
- "; HttpOnly; Secure=" + COOKIE_SECURE + "; SameSite=None; Path=" + COOKIE_PATH + "; Max-Age="
- + REFRESH_TOKEN_MAX_AGE);
- }
- // 응답에 쿠키 추가
- response.addCookie(accessTokenCookie);
- if (refreshTokenCookie != null) {
- response.addCookie(refreshTokenCookie);
- }
+ String refreshTokenCookieString = String.format("RefreshToken=%s; " +
+ "Path=%s; " +
+ "Max-Age=%d; " +
+ "HttpOnly; " +
+ "Secure; " +
+ "SameSite=None",
+ refreshToken,
+ COOKIE_PATH,
+ REFRESH_TOKEN_MAX_AGE);
+ response.addHeader("Set-Cookie", refreshTokenCookieString);
+ }
 }
 // 로그용 (삭제해도 ok)
diff --git a/src/main/java/com/example/eatmate/global/config/SecurityConfig.java b/src/main/java/com/example/eatmate/global/config/SecurityConfig.java
index 36ff92c..27d322e 100644
--- a/src/main/java/com/example/eatmate/global/config/SecurityConfig.java
+++ b/src/main/java/com/example/eatmate/global/config/SecurityConfig.java
@@ -75,9 +75,10 @@ public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration configuration = new CorsConfiguration();
 configuration.setAllowedOrigins(Arrays.asList(
- "http://localhost:3000",
+ "http://localhost:3000/",
 "https://develop.d4u0qurydeei4.amplifyapp.com"
 ));
+ configuration.addAllowedOriginPattern("*");
 configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS"));
 configuration.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization", "Cookie"));
 configuration.setExposedHeaders(
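Review bot: The two `String.format` blocks in setTokensInCookie assemble the `Set-Cookie` header by hand and drop the raw token into it, and with `SameSite=None` both cookies now accompany every cross-site request. Building them with Spring's `ResponseCookie` (imported from `org.springframework.http`, together with `HttpHeaders`) leaves attribute formatting and cookie-value validation to the framework and removes the duplicated block; a helper is sketched below. Because the tokens now travel cross-site, state-changing endpoints rely on CSRF protection and on a tight CORS origin list, neither of which is visible in this hunk, so both should be confirmed. The hard-coded `HttpOnly; Secure` also no longer reads COOKIE_HTTP_ONLY and COOKIE_SECURE, which may now be unused.

```java
private void setTokensInCookie(HttpServletResponse response, String accessToken, String refreshToken) {
    addTokenCookie(response, "AccessToken", accessToken, ACCESS_TOKEN_MAX_AGE);
    if (refreshToken != null) {
        addTokenCookie(response, "RefreshToken", refreshToken, REFRESH_TOKEN_MAX_AGE);
    }
}

// One place that decides the security attributes of every token cookie.
private void addTokenCookie(HttpServletResponse response, String name, String value, long maxAgeSeconds) {
    ResponseCookie cookie = ResponseCookie.from(name, value)
        .path(COOKIE_PATH)
        .maxAge(maxAgeSeconds)
        .httpOnly(true)
        .secure(true)
        .sameSite("None")
        .build();
    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
}
```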
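Review bot: `configuration.addAllowedOriginPattern("*")` makes the explicit origin list just above it meaningless, because every origin now matches. corsConfigurationSource() continues outside this hunk, so whether credentials are allowed is not visible; if they are (likely, since the same commit issues the auth cookies with `SameSite=None`), any website could send credentialed requests for a logged-in user and read the responses. Drop the wildcard line, or if preview deployments need a pattern, scope it to the project's own host, e.g. `configuration.addAllowedOriginPattern("https://*.d4u0qurydeei4.amplifyapp.com");`. The new `"http://localhost:3000/"` entry has a trailing slash that browsers do not send in the `Origin` header, so depending on the Spring version it may not match; `"http://localhost:3000"` is the safe form.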