From 92114985b69d3909392b65ee7c2d4958df2d68e8 Mon Sep 17 00:00:00 2001 From: sonsumin Date: Fri, 22 Nov 2024 16:23:38 +0900 Subject: [PATCH] =?UTF-8?q?[#2]=F0=9F=90=9BFix:=20=EC=BF=A0=ED=82=A4=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/oauth/OAuth2SuccessHandler.java | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/main/java/univ/yesummit/global/oauth/OAuth2SuccessHandler.java b/src/main/java/univ/yesummit/global/oauth/OAuth2SuccessHandler.java index 4b5014b..3202a46 100644 --- a/src/main/java/univ/yesummit/global/oauth/OAuth2SuccessHandler.java +++ b/src/main/java/univ/yesummit/global/oauth/OAuth2SuccessHandler.java @@ -47,18 +47,23 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo int accessTokenMaxAge = jwtUtils.getAccessExpiration().intValue() / 1000; // 밀리초를 초로 변환 int refreshTokenMaxAge = jwtUtils.getRefreshExpiration().intValue() / 1000; + // Access Token 쿠키 Cookie accessTokenCookie = new Cookie("accessToken", accessToken); -// accessTokenCookie.setHttpOnly(true); // js 접근 불가 -// accessTokenCookie.setSecure(false); - accessTokenCookie.setPath("/"); + accessTokenCookie.setHttpOnly(true); // JavaScript 접근 불가 + accessTokenCookie.setSecure(false); // HTTPS가 아닌 경우 false + accessTokenCookie.setDomain("localhost"); // 로컬 환경 도메인 설정 + accessTokenCookie.setPath("/"); // 모든 경로에서 유효 accessTokenCookie.setMaxAge(accessTokenMaxAge); + // Refresh Token 쿠키 Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken); -// refreshTokenCookie.setHttpOnly(true); // js 접근 불가 -// refreshTokenCookie.setSecure(false); + refreshTokenCookie.setHttpOnly(true); + refreshTokenCookie.setSecure(false); + refreshTokenCookie.setDomain("localhost"); refreshTokenCookie.setPath("/"); refreshTokenCookie.setMaxAge(refreshTokenMaxAge); + response.addCookie(accessTokenCookie); response.addCookie(refreshTokenCookie);
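Review bot: `setSecure(false)` and `setDomain("localhost")` are hard-coded on both the accessToken and refreshToken cookies, so outside a local run the tokens would be allowed over plain HTTP and a browser on any other host would reject the cookies for the domain mismatch. Take the flag from the request or from configuration, e.g. `accessTokenCookie.setSecure(request.isSecure());` (behind a TLS-terminating proxy this needs forwarded-header handling to report true), and drop the two `setDomain` calls so the cookies are host-only. Since the JWTs now travel automatically in cookies, a SameSite attribute is also worth setting; neither cookie gets one in the visible lines. onAuthenticationSuccess starts and ends outside the hunk, so any redirect or CSRF handling around these lines is not visible here.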