fix: SameSite 속성 사용을 위해 ResponseCookie 사용

Na-o-man · Aug 2, 2024 · c247dfe · c247dfe
1 parent a83fc20
commit c247dfe
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/src/main/java/com/umc/naoman/global/security/util/CookieUtils.java b/src/main/java/com/umc/naoman/global/security/util/CookieUtils.java
@@ -4,21 +4,24 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.SerializationUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
 import org.springframework.web.util.WebUtils;
 
 import java.io.Serializable;
 import java.util.Base64;
 
 public class CookieUtils {
-    public static void addCookie(HttpServletResponse response, String name, String value,
-                                 int maxAge) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setPath("/");
-        cookie.setMaxAge(maxAge);
-        // HTTPS 적용 시 함께 적용
-        cookie.setSecure(true);
-        cookie.setHttpOnly(true);
-        response.addCookie(cookie);
+    public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
+        ResponseCookie cookie = ResponseCookie.from(name, value)
+                .path("/")
+                .maxAge(maxAge)
+                .httpOnly(true)
+                .secure(true)
+                .sameSite("None")
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
     }
 
     public static void deleteCookie(HttpServletRequest request, HttpServletResponse response,