From 963419be0939362f681d3d499b014a468e359406 Mon Sep 17 00:00:00 2001
From: juwum12
Date: Sat, 4 May 2024 19:14:20 +0900
Subject: [PATCH] =?UTF-8?q?FIX=20:=20httponly=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java | 2 +-
 .../nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java | 2 +-
 src/main/java/com/nawabali/nawabali/service/KakaoService.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java
index 532913b..f1f1a00 100644
--- a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java
+++ b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthenticationFilter.java
@@ -75,7 +75,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 log.info("accessCookie value : " + accessCookie.getValue());
 log.info("refreshCookie value : " + refreshCookie.getValue());
 response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
- response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",token));
+ response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",token));
 // refresh 토큰 redis에 저장
 redisTool.setValues(token.substring(7), refreshCookie.getValue(), Duration.ofMillis(jwtUtil.REFRESH_EXPIRATION_TIME));
diff --git a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java
index 88cf296..01a62de 100644
--- a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java
+++ b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtAuthorizationFilter.java
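Review bot: Appending `HttpOnly` to the value of the `Authorization` response header on the `+` line does not protect anything, because `Secure`, `HttpOnly` and `SameSite` are attributes of a `Set-Cookie` header and a browser treats them as meaningless text on any other header; the same ineffective pattern is changed in the JwtAuthorizationFilter and KakaoService hunks. If the goal is to keep the access and refresh cookies out of reach of script, the attributes belong on the cookie objects (or the `Set-Cookie` header) themselves, e.g. `accessCookie.setHttpOnly(true); accessCookie.setSecure(true);` and likewise for `refreshCookie`, or a `Set-Cookie` built with Spring's `ResponseCookie` when `SameSite=None` is also needed, since the servlet `Cookie` class has no SameSite setter; the cookie construction (`createAccessCookie` and friends) appears to live outside this hunk, so that is where the fix most likely goes. The two `addHeader` calls also emit `Authorization` twice, which is better collapsed into a single `response.setHeader(JwtUtil.AUTHORIZATION_HEADER, token);`. The context lines above still write `accessCookie.getValue()` and `refreshCookie.getValue()` to the log at INFO, which persists live credentials in log storage and should be removed or masked before this change ships. successfulAuthentication's body continues outside the hunk.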
@@ -71,7 +71,7 @@ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
 Cookie newAcessCookie = jwtUtil.createAccessCookie(newAccessToken);
 log.info("발급한 유저의 email : " + email);
 res.addHeader(JwtUtil.AUTHORIZATION_HEADER, newAccessToken);
- res.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",newAccessToken));
+ res.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",newAccessToken));
 redisTool.deleteValues(accessToken);
 log.info("기존 refreshToken 삭제 key :" + accessToken );
diff --git a/src/main/java/com/nawabali/nawabali/service/KakaoService.java b/src/main/java/com/nawabali/nawabali/service/KakaoService.java
index 3f60166..2396dad 100644
--- a/src/main/java/com/nawabali/nawabali/service/KakaoService.java
+++ b/src/main/java/com/nawabali/nawabali/service/KakaoService.java
@@ -163,7 +163,7 @@ private String jwtTokenCreate(User kakaoUser , HttpServletResponse response) thr
 log.info("refreshCookie value : " + refreshCookie.getValue());
 // 6. 헤더 및 쿠키에 저장
 response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
- response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; SameSite=None;",token));
+ response.addHeader(JwtUtil.AUTHORIZATION_HEADER, String.format("%s; Secure; HttpOnly; SameSite=None;",token));
 // 7. refresh 토큰 redis에 저장