security

Soongsil-CoffeeChat · Jan 2, 2025 · 317b45f · 317b45f
1 parent 56b274b
commit 317b45f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java b/src/main/java/com/soongsil/CoffeeChat/config/SecurityConfig.java
@@ -60,13 +60,18 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .cors(cors -> cors.configurationSource(request -> {
                     CorsConfiguration configuration = new CorsConfiguration();
+                    /*
                     configuration.setAllowedOrigins(Arrays.asList(
                             "https://localhost:3000",
                             "http://localhost:8080",
                             "https://cogo.life",
                             "https://coffeego-ssu.web.app",
                             "https://accounts.google.co.kr"
                     ));
+
+                     */
+                    configuration.setAllowedOrigins(Arrays.asList("https://coffeego-ssu.web.app"));
+
                     configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
                     configuration.setAllowedHeaders(Collections.singletonList("*"));
                     configuration.setExposedHeaders(Arrays.asList("Set-Cookie", "Authorization", "Access", "loginStatus"));

diff --git a/src/main/java/com/soongsil/CoffeeChat/config/oauth2/CustomSuccessHandler.java b/src/main/java/com/soongsil/CoffeeChat/config/oauth2/CustomSuccessHandler.java
@@ -69,17 +69,17 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
     private void addSameSiteCookie(HttpServletResponse response, String name, String value) {
         ResponseCookie responseCookie = ResponseCookie.from(name, value)
                 .httpOnly(true)
-                .secure(true)
-                .sameSite("None")
-                .domain(".coffeego-ssu.web.app")
-                .path("/")
-                .maxAge(24 * 60 * 60)
+                .secure(true) // HTTPS에서만 전송
+                .sameSite("None") // 크로스 사이트 쿠키 허용
+                .domain(".coffeego-ssu.web.app") // 도메인 설정
+                .path("/") // 모든 경로에서 유효
+                .maxAge(24 * 60 * 60) // 1일 유효
                 .build();
 
         response.addHeader("Set-Cookie", responseCookie.toString());
         System.out.println("쿠키 : " + responseCookie.toString());
-
     }
+
 }