FIX : httponly설정

Dongnaebangnae · May 4, 2024 · 963419b · 963419b
1 parent 6f806dc
commit 963419b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java
@@ -75,7 +75,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
         log.info("accessCookie value : " + accessCookie.getValue());
         log.info("refreshCookie value : " + refreshCookie.getValue());
         response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
-        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",token));
+        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",token));
 
         // refresh 토큰 redis에 저장
         redisTool.setValues(token.substring(7), refreshCookie.getValue(), Duration.ofMillis(jwtUtil.REFRESH_EXPIRATION_TIME));

diff --git a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java
@@ -71,7 +71,7 @@ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                     Cookie newAcessCookie = jwtUtil.createAccessCookie(newAccessToken);
                     log.info("발급한 유저의 email : " + email);
                     res.addHeader(JwtUtil.AUTHORIZATION_HEADER, newAccessToken);
-                    res.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",newAccessToken));
+                    res.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",newAccessToken));
 
                     redisTool.deleteValues(accessToken);
                     log.info("기존 refreshToken 삭제 key :" + accessToken );

diff --git a/src/main/java/com/nawabali/nawabali/service/KakaoService.java b/src/main/java/com/nawabali/nawabali/service/KakaoService.java
@@ -163,7 +163,7 @@ private String jwtTokenCreate(User kakaoUser , HttpServletResponse response) thr
         log.info("refreshCookie value : " + refreshCookie.getValue());
         // 6. 헤더 및 쿠키에 저장
         response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
-        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",token));
+        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",token));
 
 
         // 7. refresh 토큰 redis에 저장