From e99e1eb43206a283b6a28b500f45ee264fa289e2 Mon Sep 17 00:00:00 2001
From: Anna-Jin
Date: Mon, 18 Jul 2022 22:00:49 +0900
Subject: [PATCH] =?UTF-8?q?#35=20[trouble=20shooting]=20=EC=B2=AB=EB=B2=88?= =?UTF-8?q?=EC=A7=B8=20=EC=8B=9C=EB=8F=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cookie에 same-site 옵션과 secure 옵션 추가
---
 .../com/mpnp/baechelin/util/CookieUtil.java | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/mpnp/baechelin/util/CookieUtil.java b/src/main/java/com/mpnp/baechelin/util/CookieUtil.java
index a5bcc71..64e065a 100644
--- a/src/main/java/com/mpnp/baechelin/util/CookieUtil.java
+++ b/src/main/java/com/mpnp/baechelin/util/CookieUtil.java
@@ -1,5 +1,6 @@
 package com.mpnp.baechelin.util;
+import org.springframework.http.ResponseCookie;
 import org.springframework.util.SerializationUtils;
 import javax.servlet.http.Cookie;
@@ -27,13 +28,23 @@ public static Optional getCookie(HttpServletRequest request, String name
 // 쿠키 생성
 public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
- Cookie cookie = new Cookie(name, value);
+ ResponseCookie cookie = ResponseCookie.from(name, value)
+ .path("/")
+ .httpOnly(true)
+ .maxAge(maxAge)
+ .secure(true)
+ .sameSite("None")
+ .build();
- cookie.setPath("/");
- cookie.setHttpOnly(true); // XSS 공격을 막기 위한 설정
- cookie.setMaxAge(maxAge);
-
- response.addCookie(cookie);
+ response.addHeader("Set-Cookie", cookie.toString());
+// Cookie cookie = new Cookie(name, value);
+//
+// cookie.setPath("/");
+// cookie.setHttpOnly(true); // XSS 공격을 막기 위한 설정
+// cookie.setMaxAge(maxAge);
+// cookie.setSecure(true);
+//
+// response.addCookie(cookie);
 }
 // 쿠키 삭제
@@ -46,6 +57,7 @@ public static void deleteCookie(HttpServletRequest request, HttpServletResponse
 cookie.setValue("");
 cookie.setPath("/");
 cookie.setMaxAge(0);
+ cookie.setSecure(false);
 response.addCookie(cookie);
 }
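Review bot: The hard-coded `.sameSite("None")` in `addCookie` makes the browser attach every cookie created through this helper to cross-site requests, and nothing in the hunk records that CSRF protection now has to come from somewhere else. If the helper carries session or token cookies (not visible here), add a comment on that line such as `// SameSite=None: sent on cross-site requests; state-changing endpoints must enforce CSRF protection separately`, and consider taking the SameSite value from configuration so same-site deployments can use `Lax`. The commented-out servlet `Cookie` block after `response.addHeader(...)` should be deleted rather than committed; version control already keeps it. The explanation that `httpOnly` is there to keep scripts from reading the cookie now survives only inside that dead block, so move it to the `.httpOnly(true)` line.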
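Review bot: The added `cookie.setSecure(false)` in `deleteCookie` makes the expiry cookie differ from the one `addCookie` now issues, which has `Secure` and `SameSite=None`; the servlet `Cookie` written here has neither. In browsers that default a missing SameSite to `Lax`, a cross-site response carrying this header is likely to be ignored, so the original cookie would survive logout or token rotation. Building the expiry cookie with the same attributes and `maxAge(0)` keeps creation and deletion symmetric, as sketched below. The enclosing method starts and ends outside the hunk, so the sketch reuses the visible `cookie` and `response` variables.

```java
// … unchanged: code above the hunk that selects the matching request cookie …
ResponseCookie expired = ResponseCookie.from(cookie.getName(), "")
        .path("/")
        .httpOnly(true)
        .maxAge(0)
        .secure(true)
        .sameSite("None")
        .build();
response.addHeader("Set-Cookie", expired.toString());
```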