src/main/java/com/techfork/domain/auth/service/AuthService.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,15 +9,13 @@ @@
     import com.techfork.domain.user.entity.User;
     import com.techfork.domain.user.enums.Role;
     import com.techfork.domain.user.enums.SocialType;
-    import com.techfork.domain.user.enums.UserStatus;
     import com.techfork.domain.user.repository.UserRepository;
     import com.techfork.global.exception.GeneralException;
     import com.techfork.global.security.auth.service.RefreshTokenService;
     import com.techfork.global.security.jwt.JwtDTO;
     import com.techfork.global.security.jwt.JwtProperties;
     import com.techfork.global.security.jwt.JwtUtil;
-    import com.techfork.global.util.CookieUtil;
-    import jakarta.security.auth.message.config.AuthConfig;
+    import com.techfork.global.security.util.CookieUtil;
     import jakarta.servlet.http.HttpServletResponse;
     import lombok.RequiredArgsConstructor;
     import lombok.extern.slf4j.Slf4j;
@@ Expand Down @@

src/main/java/com/techfork/global/security/config/SecurityConfig.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -81,6 +81,7 @@ public CorsConfigurationSource corsConfigurationSource() { @@
             configuration.setAllowedOrigins(List.of(
                     "http://localhost:5173",
+                    "https://techfork-fe.vercel.app",
                     "https://techfork.shop",
                     "https://api.techfork.shop",
                     "https://appleid.apple.com"  // Apple Sign In form_post
@@ Expand Down @@

...n/java/com/techfork/global/security/handler/login/OAuth2AuthenticationSuccessHandler.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,7 @@ @@
     import com.techfork.global.security.jwt.JwtProperties;
     import com.techfork.global.security.jwt.JwtUtil;
     import com.techfork.global.security.oauth.UserPrincipal;
-    import com.techfork.global.util.CookieUtil;
+    import com.techfork.global.security.util.CookieUtil;
     import jakarta.servlet.ServletException;
     import jakarta.servlet.http.HttpServletRequest;
     import jakarta.servlet.http.HttpServletResponse;
@@ Expand Down @@

src/main/java/com/techfork/global/security/util/CookieUtil.java

-Original file line number
+Diff line change
@@ -0,0 +1,35 @@
+    package com.techfork.global.security.util;
+    import com.techfork.global.constant.Constants;
+    import jakarta.servlet.http.HttpServletResponse;
+    import org.springframework.http.ResponseCookie;
+    public final class CookieUtil {
+        private CookieUtil() {}
+        public static void addRefreshTokenCookie(HttpServletResponse response, String domain, String token, long maxAge) {
+            ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, token)
+                    .httpOnly(true)
+                    .secure(true)
+                    .path("/")
+                    .domain(domain)
+                    .maxAge(maxAge / 1000)
+                    .sameSite("None")
+                    .build();
+            response.addHeader("Set-Cookie", cookie.toString());
+        }
+        public static void deleteRefreshTokenCookie(HttpServletResponse response, String domain) {
+            ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, "")
+                    .httpOnly(true)
+                    .secure(true)
+                    .path("/")
+                    .domain(domain)
+                    .maxAge(0)
+                    .sameSite("None")
+                    .build();
+            response.addHeader("Set-Cookie", cookie.toString());
+        }
+    }

src/main/java/com/techfork/global/util/CookieUtil.java

This file was deleted.

src/test/java/com/techfork/domain/auth/service/AuthServiceTest.java

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -105,7 +105,7 @@ void refreshToken_Success() {
  
            verify(jwtUtil).isValidToken(validRefreshToken);

            verify(jwtUtil).validateTokenType(validRefreshToken, TOKEN_TYPE_REFRESH);

            verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());

            verify(response).addCookie(any(Cookie.class));

            verify(response).addHeader(eq("Set-Cookie"), anyString());

        }

        @Test

    @@ -191,7 +191,7 @@ void logout_Success() {
  
            verify(jwtUtil).isValidToken(validRefreshToken);

            verify(jwtUtil).validateTokenType(validRefreshToken, TOKEN_TYPE_REFRESH);

            verify(refreshTokenService).deleteRefreshToken(userId);

            verify(response).addCookie(any(Cookie.class));

            verify(response).addHeader(eq("Set-Cookie"), anyString());

        }

        @Test

    @@ -340,7 +340,7 @@ void kakaoLogin_Success_NewUser() {
  
            verify(userRepository).save(any(User.class));

            verify(jwtUtil).generateTokens(userId, Role.USER);

            verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());

            verify(response).addCookie(any(Cookie.class));

            verify(response).addHeader(eq("Set-Cookie"), anyString());

            verify(authConverter).toKakaoLoginResponse(newAccessToken, newUser);

        }

    @@ -387,7 +387,7 @@ void kakaoLogin_Success_ExistingUser() {
  
            verify(userRepository, never()).save(any(User.class)); // 기존 회원이므로 save 호출 안됨

            verify(jwtUtil).generateTokens(userId, Role.USER);

            verify(refreshTokenService).saveRefreshToken(eq(userId), eq(newRefreshToken), anyLong());

            verify(response).addCookie(any(Cookie.class));

            verify(response).addHeader(eq("Set-Cookie"), anyString());

            verify(authConverter).toKakaoLoginResponse(newAccessToken, existingUser);

        }

    }

[fix/#233] Cross-site 쿠키 전송을 위한 SameSite 설정 추가 및 배포 주소 허용 #234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

Dimo-2562 merged 4 commits into develop from fix/#233

Feb 1, 2026

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,15 +9,13 @@ @@
     import com.techfork.domain.user.entity.User;
     import com.techfork.domain.user.enums.Role;
     import com.techfork.domain.user.enums.SocialType;
-    import com.techfork.domain.user.enums.UserStatus;
     import com.techfork.domain.user.repository.UserRepository;
     import com.techfork.global.exception.GeneralException;
     import com.techfork.global.security.auth.service.RefreshTokenService;
     import com.techfork.global.security.jwt.JwtDTO;
     import com.techfork.global.security.jwt.JwtProperties;
     import com.techfork.global.security.jwt.JwtUtil;
-    import com.techfork.global.util.CookieUtil;
-    import jakarta.security.auth.message.config.AuthConfig;
+    import com.techfork.global.security.util.CookieUtil;
     import jakarta.servlet.http.HttpServletResponse;
     import lombok.RequiredArgsConstructor;
     import lombok.extern.slf4j.Slf4j;
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -81,6 +81,7 @@ public CorsConfigurationSource corsConfigurationSource() { @@
             configuration.setAllowedOrigins(List.of(
                     "http://localhost:5173",
+                    "https://techfork-fe.vercel.app",
                     "https://techfork.shop",
                     "https://api.techfork.shop",
                     "https://appleid.apple.com"  // Apple Sign In form_post
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,7 @@ @@
     import com.techfork.global.security.jwt.JwtProperties;
     import com.techfork.global.security.jwt.JwtUtil;
     import com.techfork.global.security.oauth.UserPrincipal;
-    import com.techfork.global.util.CookieUtil;
+    import com.techfork.global.security.util.CookieUtil;
     import jakarta.servlet.ServletException;
     import jakarta.servlet.http.HttpServletRequest;
     import jakarta.servlet.http.HttpServletResponse;
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -0,0 +1,35 @@
+    package com.techfork.global.security.util;
+    import com.techfork.global.constant.Constants;
+    import jakarta.servlet.http.HttpServletResponse;
+    import org.springframework.http.ResponseCookie;
+    public final class CookieUtil {
+        private CookieUtil() {}
+        public static void addRefreshTokenCookie(HttpServletResponse response, String domain, String token, long maxAge) {
+            ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, token)
+                    .httpOnly(true)
+                    .secure(true)
+                    .path("/")
+                    .domain(domain)
+                    .maxAge(maxAge / 1000)
+                    .sameSite("None")
+                    .build();
+            response.addHeader("Set-Cookie", cookie.toString());
+        }
+        public static void deleteRefreshTokenCookie(HttpServletResponse response, String domain) {
+            ResponseCookie cookie = ResponseCookie.from(Constants.REFRESH_TOKEN_COOKIE_NAME, "")
+                    .httpOnly(true)
+                    .secure(true)
+                    .path("/")
+                    .domain(domain)
+                    .maxAge(0)
+                    .sameSite("None")
+                    .build();
+            response.addHeader("Set-Cookie", cookie.toString());
+        }
+    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[fix/#233] Cross-site 쿠키 전송을 위한 SameSite 설정 추가 및 배포 주소 허용 #234

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!