From 3bb3ad9bec1cc64c4da36cf377e6c5f110506146 Mon Sep 17 00:00:00 2001
From: dmori
Date: Sun, 1 Feb 2026 20:44:34 +0900
Subject: [PATCH 1/4] =?UTF-8?q?fix:=20=EC=BF=A0=ED=82=A4=EC=97=90=20SameSi?= =?UTF-8?q?te=20=EC=98=B5=EC=85=98=EC=9D=84=20None=EC=9C=BC=EB=A1=9C=20?= =?UTF-8?q?=ED=95=98=EC=97=AC=20CORS=20=EC=97=90=EB=9F=AC=20=ED=95=B4?= =?UTF-8?q?=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/techfork/global/util/CookieUtil.java | 33 +++++++++++--------
 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/techfork/global/util/CookieUtil.java b/src/main/java/com/techfork/global/util/CookieUtil.java
index 7689731..3e175f5 100644
--- a/src/main/java/com/techfork/global/util/CookieUtil.java
+++ b/src/main/java/com/techfork/global/util/CookieUtil.java
@@ -3,29 +3,34 @@
 import com.techfork.global.constant.Constants;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.ResponseCookie;
 public final class CookieUtil {
 private CookieUtil() {}
 public static void addRefreshTokenCookie(HttpServletResponse response, String domain, String token, long maxAge) {
- Cookie cookie = new Cookie(Constants.REFRESH_TOKEN_COOKIE_NAME, token);
- cookie.setHttpOnly(true);
- cookie.setSecure(true);
- cookie.setPath("/");
- cookie.setDomain(domain);
- cookie.setMaxAge((int) (maxAge / 1000)); // milliseconds to seconds
+ ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, token)
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .domain(domain)
+ .maxAge(maxAge / 1000)
+ .sameSite("None")
+ .build();
- response.addCookie(cookie);
+ response.addHeader("Set-Cookie", cookie.toString());
 }
 public static void deleteRefreshTokenCookie(HttpServletResponse response, String domain) {
- Cookie cookie = new Cookie(Constants.REFRESH_TOKEN_COOKIE_NAME, null);
- cookie.setHttpOnly(true);
- cookie.setSecure(true);
- cookie.setPath("/");
- cookie.setDomain(domain);
- cookie.setMaxAge(0); // 즉시 만료
+ ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, "")
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .domain(domain)
+ .maxAge(0)
+ .sameSite("None")
+ .build();
- response.addCookie(cookie);
+ response.addHeader("Set-Cookie", cookie.toString());
 }
 }
From 3597fd2483df6b4535f4e8a6efe23916855a16a1 Mon Sep 17 00:00:00 2001
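Review bot: `.sameSite("None")` in `addRefreshTokenCookie` (and again in `deleteRefreshTokenCookie`) of CookieUtil.java makes the browser attach the refresh-token cookie to every cross-site request, so the SameSite layer of CSRF protection no longer applies to any endpoint that authenticates from this cookie. Nothing in this hunk shows a compensating control, so it is worth confirming that the refresh and logout handlers reject requests whose `Origin` is not on the allow-list or require a CSRF token; CORS alone only limits who can read the response, not who can trigger the request. The exposure can also be narrowed by scoping the cookie to the auth endpoints instead of `.path("/")`, using the same path in the delete method so the cookie is still cleared. I would add a comment above each builder such as `// SameSite=None: sent on cross-site requests; cookie-authenticated endpoints must enforce Origin/CSRF checks`.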
From: dmori
Date: Sun, 1 Feb 2026 20:45:33 +0900
Subject: [PATCH 2/4] =?UTF-8?q?refactor:=20CookieUtil=20=ED=8C=A8=ED=82=A4?= =?UTF-8?q?=EC=A7=80=20=EC=9C=84=EC=B9=98=20security=20=EB=B0=91=EC=9C=BC?= =?UTF-8?q?=EB=A1=9C=20=EC=9D=B4=EB=8F=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/techfork/domain/auth/service/AuthService.java | 4 +---
 .../handler/login/OAuth2AuthenticationSuccessHandler.java | 2 +-
 .../com/techfork/global/{ => security}/util/CookieUtil.java | 3 +--
 3 files changed, 3 insertions(+), 6 deletions(-)
 rename src/main/java/com/techfork/global/{ => security}/util/CookieUtil.java (94%)
diff --git a/src/main/java/com/techfork/domain/auth/service/AuthService.java b/src/main/java/com/techfork/domain/auth/service/AuthService.java
index 2f62d3b..7833dd6 100644
--- a/src/main/java/com/techfork/domain/auth/service/AuthService.java
+++ b/src/main/java/com/techfork/domain/auth/service/AuthService.java
@@ -9,15 +9,13 @@
 import com.techfork.domain.user.entity.User;
 import com.techfork.domain.user.enums.Role;
 import com.techfork.domain.user.enums.SocialType;
-import com.techfork.domain.user.enums.UserStatus;
 import com.techfork.domain.user.repository.UserRepository;
 import com.techfork.global.exception.GeneralException;
 import com.techfork.global.security.auth.service.RefreshTokenService;
 import com.techfork.global.security.jwt.JwtDTO;
 import com.techfork.global.security.jwt.JwtProperties;
 import com.techfork.global.security.jwt.JwtUtil;
-import com.techfork.global.util.CookieUtil;
-import jakarta.security.auth.message.config.AuthConfig;
+import com.techfork.global.security.util.CookieUtil;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/com/techfork/global/security/handler/login/OAuth2AuthenticationSuccessHandler.java b/src/main/java/com/techfork/global/security/handler/login/OAuth2AuthenticationSuccessHandler.java
index 3217ac0..1a586f2 100644
--- a/src/main/java/com/techfork/global/security/handler/login/OAuth2AuthenticationSuccessHandler.java
+++ b/src/main/java/com/techfork/global/security/handler/login/OAuth2AuthenticationSuccessHandler.java
@@ -6,7 +6,7 @@
 import com.techfork.global.security.jwt.JwtProperties;
 import com.techfork.global.security.jwt.JwtUtil;
 import com.techfork.global.security.oauth.UserPrincipal;
-import com.techfork.global.util.CookieUtil;
+import com.techfork.global.security.util.CookieUtil;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
diff --git a/src/main/java/com/techfork/global/util/CookieUtil.java b/src/main/java/com/techfork/global/security/util/CookieUtil.java
similarity index 94%
rename from src/main/java/com/techfork/global/util/CookieUtil.java
rename to src/main/java/com/techfork/global/security/util/CookieUtil.java
index 3e175f5..b4de5b4 100644
--- a/src/main/java/com/techfork/global/util/CookieUtil.java
+++ b/src/main/java/com/techfork/global/security/util/CookieUtil.java
@@ -1,7 +1,6 @@
-package com.techfork.global.util;
+package com.techfork.global.security.util;
 import com.techfork.global.constant.Constants;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.ResponseCookie;
From 57055fbf045106d04bd120ac9488fa104d43a1bd Mon Sep 17 00:00:00 2001
From: dmori
Date: Sun, 1 Feb 2026 20:46:33 +0900
Subject: [PATCH 3/4] =?UTF-8?q?fix:=20=ED=94=84=EB=A1=A0=ED=8A=B8=20?= =?UTF-8?q?=EB=B0=B0=ED=8F=AC=20=EC=A3=BC=EC=86=8C=EB=8F=84=20CORS=20?= =?UTF-8?q?=ED=97=88=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/techfork/global/security/config/SecurityConfig.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/com/techfork/global/security/config/SecurityConfig.java b/src/main/java/com/techfork/global/security/config/SecurityConfig.java
index db66168..bec38da 100644
--- a/src/main/java/com/techfork/global/security/config/SecurityConfig.java
+++ b/src/main/java/com/techfork/global/security/config/SecurityConfig.java
@@ -81,6 +81,7 @@ public CorsConfigurationSource corsConfigurationSource() {
 configuration.setAllowedOrigins(List.of(
 "http://localhost:5173",
+ "https://techfork-fe.vercel.app",
 "https://techfork.shop",
 "https://api.techfork.shop",
 "https://appleid.apple.com" // Apple Sign In form_post
From 1eec7f7f9091b4e0ec8b93d47fef3c0e4d8a61c2 Mon Sep 17 00:00:00 2001
From: dmori
Date: Sun, 1 Feb 2026 20:57:21 +0900
Subject: [PATCH 4/4] =?UTF-8?q?test:=20auth=20=EB=8B=A8=EC=9C=84=20?= =?UTF-8?q?=ED=85=8C=EC=8A=A4=ED=8A=B8=EC=97=90=EC=84=9C=20=EC=BF=A0?= =?UTF-8?q?=ED=82=A4=20=EA=B2=80=EC=A6=9D=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/techfork/domain/auth/service/AuthServiceTest.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/java/com/techfork/domain/auth/service/AuthServiceTest.java b/src/test/java/com/techfork/domain/auth/service/AuthServiceTest.java
index 77c4cff..038e5d9 100644
--- a/src/test/java/com/techfork/domain/auth/service/AuthServiceTest.java
+++ b/src/test/java/com/techfork/domain/auth/service/AuthServiceTest.java
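Review bot: The new `"https://techfork-fe.vercel.app"` entry in `corsConfigurationSource()` (SecurityConfig.java) is hard-coded next to `http://localhost:5173`, so every environment trusts both a development origin and a hostname on a shared hosting domain. If credentials are allowed on this configuration (the rest of the method lies outside the hunk, so that is not visible), any page served from those origins can read authenticated API responses, and the vercel.app name stays trusted even if that deployment is later removed or renamed. Loading the list from per-profile configuration would keep local and preview origins out of production, e.g. `configuration.setAllowedOrigins(allowedOrigins);` with `allowedOrigins` bound from a property. A short comment beside the entry recording which deployment it belongs to would also help later review, in the way the Apple entry is already annotated.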
@@ -105,7 +105,7 @@ void refreshToken_Success() {
 verify(jwtUtil).isValidToken(validRefreshToken);
 verify(jwtUtil).validateTokenType(validRefreshToken, TOKEN_TYPE_REFRESH);
 verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());
- verify(response).addCookie(any(Cookie.class));
+ verify(response).addHeader(eq("Set-Cookie"), anyString());
 }
 @Test
@@ -191,7 +191,7 @@ void logout_Success() {
 verify(jwtUtil).isValidToken(validRefreshToken);
 verify(jwtUtil).validateTokenType(validRefreshToken, TOKEN_TYPE_REFRESH);
 verify(refreshTokenService).deleteRefreshToken(userId);
- verify(response).addCookie(any(Cookie.class));
+ verify(response).addHeader(eq("Set-Cookie"), anyString());
 }
 @Test
@@ -340,7 +340,7 @@ void kakaoLogin_Success_NewUser() {
 verify(userRepository).save(any(User.class));
 verify(jwtUtil).generateTokens(userId, Role.USER);
 verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());
- verify(response).addCookie(any(Cookie.class));
+ verify(response).addHeader(eq("Set-Cookie"), anyString());
 verify(authConverter).toKakaoLoginResponse(newAccessToken, newUser);
 }
@@ -387,7 +387,7 @@ void kakaoLogin_Success_ExistingUser() {
 verify(userRepository, never()).save(any(User.class)); // 기존 회원이므로 save 호출 안됨
 verify(jwtUtil).generateTokens(userId, Role.USER);
 verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());
- verify(response).addCookie(any(Cookie.class));
+ verify(response).addHeader(eq("Set-Cookie"), anyString());
 verify(authConverter).toKakaoLoginResponse(newAccessToken, existingUser);
 }
 }
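Review bot: `verify(response).addHeader(eq("Set-Cookie"), anyString())` in `refreshToken_Success` passes for any header value, so the test does not pin the cookie attributes this series depends on; the same line appears in `logout_Success`, `kakaoLogin_Success_NewUser` and `kakaoLogin_Success_ExistingUser`. A regression that drops `HttpOnly`, `Secure` or `SameSite=None` from the refresh-token cookie would go unnoticed. Tightening the matcher keeps the check cheap, e.g. `verify(response).addHeader(eq("Set-Cookie"), contains("HttpOnly"));`, and the logout test could additionally assert `contains("Max-Age=0")` so that cookie deletion is covered. The test bodies start outside the hunks, and the import changes for the new matchers are not shown here.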