Team-StudyLog · y11n · Aug 17, 2025 · Aug 16, 2025 · Aug 16, 2025 · Aug 16, 2025
diff --git a/src/main/java/org/example/studylog/config/CorsMvcConfig.java b/src/main/java/org/example/studylog/config/CorsMvcConfig.java
@@ -11,7 +11,7 @@ public class CorsMvcConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry corsRegistry) {
         corsRegistry.addMapping("/**")
                 .exposedHeaders("Set-Cookie")
-                .allowedOrigins("http://localhost:5173")
+                .allowedOrigins("http://localhost:5174", "https://web.studylog.shop")
                 .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"); // PATCH & OPTIONS 포함;
     }
 }
diff --git a/src/main/java/org/example/studylog/config/SecurityConfig.java b/src/main/java/org/example/studylog/config/SecurityConfig.java
@@ -53,7 +53,7 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
 
                         CorsConfiguration configuration = new CorsConfiguration();
 
-                        configuration.setAllowedOrigins(Collections.singletonList("http://localhost:5173"));
+                        configuration.setAllowedOrigins(Arrays.asList("http://localhost:5174", "https://web.studylog.shop"));
                         configuration.setAllowedMethods(Arrays.asList(
                                 "GET","POST","PUT","PATCH","DELETE","OPTIONS"
                         ));

diff --git a/src/main/java/org/example/studylog/controller/jwt/AuthController.java b/src/main/java/org/example/studylog/controller/jwt/AuthController.java
@@ -15,6 +15,7 @@
 import org.example.studylog.service.TokenService;
 import org.example.studylog.util.CookieUtil;
 import org.example.studylog.util.ResponseUtil;
+import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -66,7 +67,8 @@ public ResponseEntity<?> reissue(HttpServletRequest request, HttpServletResponse
         TokenDTO tokenDTO = tokenService.reissueAccessToken(refresh);
 
         // Refresh 토큰은 쿠키로 전달
-        response.addCookie(CookieUtil.createCookie("refresh", tokenDTO.getRefreshToken()));
+        ResponseCookie cookie = CookieUtil.createCookie("refresh", tokenDTO.getRefreshToken());
+        response.addHeader("Set-Cookie", cookie.toString());
 
         // Access 토큰, code, isNewUser는 body로 전달
         TokenDTO.ResponseDTO dto = TokenDTO.ResponseDTO.builder()

diff --git a/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java b/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java
@@ -9,6 +9,7 @@
 import org.example.studylog.service.TokenService;
 import org.example.studylog.util.CookieUtil;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
@@ -52,7 +53,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         // refresh 토큰 저장
         tokenService.addRefreshEntity(oauthId, refresh, 86400000L);
 
-        response.addCookie(CookieUtil.createCookie("refresh", refresh));
+        // ResponseCookie 생성하여 응답 헤더에 추가
+        ResponseCookie cookie = CookieUtil.createCookie("refresh", refresh);
+        response.addHeader("Set-Cookie", cookie.toString());
 
         // 회원가입 화면으로 리다이렉션(임시: 프론트 로그인 완료 화면으로 변경 예정)
         response.sendRedirect(redirectUri);

diff --git a/src/main/java/org/example/studylog/util/CookieUtil.java b/src/main/java/org/example/studylog/util/CookieUtil.java
@@ -1,15 +1,16 @@
 package org.example.studylog.util;
 
-import jakarta.servlet.http.Cookie;
+import org.springframework.http.ResponseCookie;
 
 public class CookieUtil {
-    public static Cookie createCookie(String key, String value){
-        Cookie cookie = new Cookie(key, value);
-        cookie.setMaxAge(60*60*60);
-        //cookie.setSecure(true);
-        cookie.setPath("/");
-        cookie.setHttpOnly(true);
-
-        return cookie;
+    public static ResponseCookie createCookie(String key, String value){
+        return ResponseCookie.from(key, value)
+                .httpOnly(true)              // JS 접근 불가
+                .path("/")                   // 모든 경로에서 쿠키 전송
+                .maxAge(60 * 60 * 60)        // 유효 시간 (초 단위)
+                .secure(true)                // HTTPS에서만 전송
+                .domain(".studylog.shop")    // 도메인 지정 (서브도메인 포함)
+                .sameSite("None")            // 크로스 도메인 쿠키 허용 시 필요
+                .build();
     }
 }