[Refactor] Cookie SameSite 관리 (#37)

* refactor: Cookie SameSite = None 으로 설정 (#36)
Someup · Sep 30, 2024 · eafc5d7 · eafc5d7
1 parent 2812db7
commit eafc5d7
Showing 1 changed file with 23 additions and 13 deletions.
diff --git a/src/main/java/project/backend/presentation/auth/util/TokenCookieManager.java b/src/main/java/project/backend/presentation/auth/util/TokenCookieManager.java
@@ -1,7 +1,8 @@
 package project.backend.presentation.auth.util;
 
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Component;
 
 @Component
@@ -10,25 +11,34 @@ public class TokenCookieManager {
   private static final int DEFAULT_EXPIRATION = 24 * 60 * 60;  // 1일 기본 만료 시간
   private static final String COOKIE_PATH = "/";
 
+  @Value("${jwt.refresh_cookie_name}")
+  private String refreshTokenCookieName;
+
   public void addRefreshTokenCookie(HttpServletResponse response, String refreshToken) {
     addRefreshTokenCookie(response, refreshToken, DEFAULT_EXPIRATION);
   }
 
   public void addRefreshTokenCookie(HttpServletResponse response, String refreshToken, int maxAge) {
-    Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
-    refreshTokenCookie.setHttpOnly(true);      // 클라이언트에서 접근 불가
-    refreshTokenCookie.setSecure(true);        // HTTPS 환경에서만 전송
-    refreshTokenCookie.setPath(COOKIE_PATH);   // 경로 설정
-    refreshTokenCookie.setMaxAge(maxAge);      // 만료 시간 설정
-    response.addCookie(refreshTokenCookie);
+    ResponseCookie cookie = ResponseCookie.from(refreshTokenCookieName, refreshToken)
+                                          .path(COOKIE_PATH)
+                                          .maxAge(maxAge)
+                                          .httpOnly(true)
+                                          .secure(true)
+                                          .sameSite("None")
+                                          .build();
+
+    response.addHeader("Set-Cookie", cookie.toString());
   }
 
   public void removeRefreshTokenCookie(HttpServletResponse response) {
-    Cookie refreshTokenCookie = new Cookie("refreshToken", null);
-    refreshTokenCookie.setHttpOnly(true);
-    refreshTokenCookie.setSecure(true);
-    refreshTokenCookie.setPath(COOKIE_PATH);
-    refreshTokenCookie.setMaxAge(0);  // 즉시 만료
-    response.addCookie(refreshTokenCookie);
+    ResponseCookie cookie = ResponseCookie.from(refreshTokenCookieName, "")
+                                          .path(COOKIE_PATH)
+                                          .maxAge(0)  // 즉시 만료
+                                          .httpOnly(true)
+                                          .secure(true)
+                                          .sameSite("None")
+                                          .build();
+
+    response.addHeader("Set-Cookie", cookie.toString());
   }
 }