From 691af89a59b027b7a8eae7687a0e22ac51c5336e Mon Sep 17 00:00:00 2001
From: 49EHyeon42 <49ehyeon42@gmail.com>
Date: Sat, 24 Aug 2024 18:08:22 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20=EC=9E=98=EB=AA=BB=EB=90=9C=20access=20t?=
 =?UTF-8?q?oken=20=EC=9E=AC=EB=B0=9C=EA=B8=89=20=EC=88=98=EC=A0=95,=20?=
 =?UTF-8?q?=EC=BF=A0=ED=82=A4=20`setHttpOnly(true);`=20=EC=A0=81=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../connectrip_be/auth/jwt/JwtAuthenticationFilter.java | 4 ++--
 .../connectripbe/connectrip_be/auth/web/AuthController.java | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/connectripbe/connectrip_be/auth/jwt/JwtAuthenticationFilter.java b/src/main/java/connectripbe/connectrip_be/auth/jwt/JwtAuthenticationFilter.java
index ebe18ab2..58ff9616 100644
--- a/src/main/java/connectripbe/connectrip_be/auth/jwt/JwtAuthenticationFilter.java
+++ b/src/main/java/connectripbe/connectrip_be/auth/jwt/JwtAuthenticationFilter.java
@@ -43,12 +43,12 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             }
         }
-        if (refreshToken == null || accessToken == null || refreshToken.isBlank() || accessToken.isBlank()) {
+        if (refreshToken == null || refreshToken.isBlank()) {
             filterChain.doFilter(request, response);
             return;
         }
-        if (!jwtProvider.validateToken(accessToken)) {
+        if (accessToken == null || !jwtProvider.validateToken(accessToken)) {
             if (!jwtProvider.validateToken(refreshToken)) {
                 filterChain.doFilter(request, response);
                 return;
diff --git a/src/main/java/connectripbe/connectrip_be/auth/web/AuthController.java b/src/main/java/connectripbe/connectrip_be/auth/web/AuthController.java
index e5eb5f4d..835a6548 100644
--- a/src/main/java/connectripbe/connectrip_be/auth/web/AuthController.java
+++ b/src/main/java/connectripbe/connectrip_be/auth/web/AuthController.java
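Review bot: The rewritten first guard drops the `accessToken.isBlank()` check, so a present-but-blank `accessToken` cookie now reaches `jwtProvider.validateToken(accessToken)` in the second condition; unless validateToken is known to reject whitespace-only input, keep the blank check there: `if (accessToken == null || accessToken.isBlank() || !jwtProvider.validateToken(accessToken)) {`. With the new guards, a valid refresh cookie alone is enough to get past this point on any request, so the strictness of `validateToken(refreshToken)` (signature, expiry and, if the project tracks it, revocation) becomes the only control before whatever re-issue step follows; that deserves a comment above the second guard such as `// Missing or invalid access token: fall through to refresh-token validation and re-issue.` The doFilterInternal body begins above the hunk and continues below it, so the re-issue step itself is not visible here.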
@@ -93,12 +93,14 @@ private void addJwtToCookie(
         Cookie refreshTokenCookie = new Cookie("refreshToken", tokenDto.getRefreshToken());
         refreshTokenCookie.setPath("/");
         refreshTokenCookie.setMaxAge(tokenDto.getRefreshTokenExpirationTime());
+        refreshTokenCookie.setHttpOnly(true);
         response.addCookie(refreshTokenCookie);
         Cookie accessTokenCookie = new Cookie("accessToken", tokenDto.getAccessToken());
         accessTokenCookie.setPath("/");
         accessTokenCookie.setMaxAge(tokenDto.getAccessTokenExpirationTime());
+        accessTokenCookie.setHttpOnly(true);
         response.addCookie(accessTokenCookie);
     }
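Review bot: `setHttpOnly(true)` is now set on both cookies, but neither `refreshTokenCookie` nor `accessTokenCookie` calls `setSecure(true)`, so both tokens are still transmitted over plain HTTP, and no SameSite attribute is set either; add `refreshTokenCookie.setSecure(true);` next to the new line (and the same for `accessTokenCookie`), plus, if the project is on Servlet 6 or later, `refreshTokenCookie.setAttribute("SameSite", "Strict");`. Both cookies are scoped to `/`, which presumably is what lets JwtAuthenticationFilter read the refresh cookie on every request, but it also means the long-lived refresh token is sent with every request to the host — worth a short comment stating that this scope is deliberate. The signature of addJwtToCookie is above the hunk.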