Merge pull request #16 from AI-Tutor-2024/security

hyunbin1 · web-flow · commit 50c62749f6b9 · 2025-03-31T20:21:25.000+09:00
[FIX] 쿠키 옵션 수정
diff --git a/src/main/java/com/example/ai_tutor/global/config/security/util/CustomCookie.java b/src/main/java/com/example/ai_tutor/global/config/security/util/CustomCookie.java
@@ -26,13 +26,18 @@ public static Optional<Cookie> getCookie(HttpServletRequest request, String name
 
     public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
         Cookie cookie = new Cookie(name, value);
-
         cookie.setPath("/");
         cookie.setHttpOnly(true);
         cookie.setMaxAge(maxAge);
-        response.addCookie(cookie);
+        cookie.setSecure(true); // ✅ HTTPS 환경에서는 반드시 필요
+
+        // SameSite=None 속성은 setAttribute가 없기 때문에 아래처럼 수동 추가 필요
+        String cookieHeader = String.format("%s=%s; Max-Age=%d; Path=/; Secure; HttpOnly; SameSite=None",
+                cookie.getName(), cookie.getValue(), maxAge);
+        response.addHeader("Set-Cookie", cookieHeader);
     }
 
+
     public static void deleteCookie(HttpServletRequest request, HttpServletResponse response, String name) {
         Cookie[] cookies = request.getCookies();
         if (cookies != null && cookies.length > 0) {
