From f565a2bddcf59d6e2e09be37dd68d736b05b80f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=A0=95=EC=A7=80=EC=9C=A4?=
Date: Sun, 17 Aug 2025 07:23:13 +0900
Subject: [PATCH 1/4] =?UTF-8?q?[Feat]=20=ED=94=84=EB=A1=A0=ED=8A=B8=20?= =?UTF-8?q?=EB=B0=B0=ED=8F=AC=20=EC=A3=BC=EC=86=8C=EB=A1=9C=20Cors=20?= =?UTF-8?q?=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/org/example/studylog/config/CorsMvcConfig.java | 2 +-
 src/main/java/org/example/studylog/config/SecurityConfig.java | 2 +-
 src/main/java/org/example/studylog/util/CookieUtil.java | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/example/studylog/config/CorsMvcConfig.java b/src/main/java/org/example/studylog/config/CorsMvcConfig.java
index 9c974a5..83de20f 100644
--- a/src/main/java/org/example/studylog/config/CorsMvcConfig.java
+++ b/src/main/java/org/example/studylog/config/CorsMvcConfig.java
@@ -11,7 +11,7 @@ public class CorsMvcConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry corsRegistry) {
         corsRegistry.addMapping("/**")
                 .exposedHeaders("Set-Cookie")
-                .allowedOrigins("http://localhost:5173")
+                .allowedOrigins("http://localhost:5174", "https://web.studylog.shop")
                 .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"); // PATCH & OPTIONS 포함;
     }
 }
diff --git a/src/main/java/org/example/studylog/config/SecurityConfig.java b/src/main/java/org/example/studylog/config/SecurityConfig.java
index 1bd56dc..a68d2ef 100644
--- a/src/main/java/org/example/studylog/config/SecurityConfig.java
+++ b/src/main/java/org/example/studylog/config/SecurityConfig.java
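Review bot: The origin list on the new `.allowedOrigins("http://localhost:5174", "https://web.studylog.shop")` line is now hard-coded a second time in the `setAllowedOrigins(Arrays.asList(...))` line of the SecurityConfig hunk in this same patch, so every future origin change has to be made twice or the MVC and Security CORS filters disagree. Read both from one property, e.g. `@Value("${app.cors.allowed-origins}") private List<String> allowedOrigins;` and `.allowedOrigins(allowedOrigins.toArray(String[]::new))`. Since the later patches in this series mark the refresh cookie `SameSite=None` so the browser attaches it cross-site, both mappings also need `allowCredentials(true)` for a listed origin to actually receive it; neither hunk shows that setting, so confirm it is configured elsewhere.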
@@ -53,7 +53,7 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
 
                 CorsConfiguration configuration = new CorsConfiguration();
 
-                configuration.setAllowedOrigins(Collections.singletonList("http://localhost:5173"));
+                configuration.setAllowedOrigins(Arrays.asList("http://localhost:5174", "https://web.studylog.shop"));
                 configuration.setAllowedMethods(Arrays.asList(
                         "GET","POST","PUT","PATCH","DELETE","OPTIONS"
                 ));
diff --git a/src/main/java/org/example/studylog/util/CookieUtil.java b/src/main/java/org/example/studylog/util/CookieUtil.java
index 97bd840..4341569 100644
--- a/src/main/java/org/example/studylog/util/CookieUtil.java
+++ b/src/main/java/org/example/studylog/util/CookieUtil.java
@@ -6,9 +6,9 @@ public class CookieUtil {
     public static Cookie createCookie(String key, String value){
         Cookie cookie = new Cookie(key, value);
         cookie.setMaxAge(60*60*60);
-        //cookie.setSecure(true);
         cookie.setPath("/");
         cookie.setHttpOnly(true);
+//        cookie.setSecure(true);
 
         return cookie;
     }

From 56b563eff8a3c1593fcac6d5b2b6ebe83ce98a45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=A0=95=EC=A7=80=EC=9C=A4?=
Date: Sun, 17 Aug 2025 07:54:41 +0900
Subject: [PATCH 2/4] =?UTF-8?q?[Feat]=20Servlet=20=EC=BF=A0=ED=82=A4?= =?UTF-8?q?=EB=A5=BC=20ResponseCookie=EB=A1=9C=20=EB=B3=80=EA=B2=BD=20?= =?UTF-8?q?=EB=B0=8F=20Samesite=20=EC=98=B5=EC=85=98=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/example/studylog/util/CookieUtil.java | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/example/studylog/util/CookieUtil.java b/src/main/java/org/example/studylog/util/CookieUtil.java
index 4341569..2ba45a9 100644
--- a/src/main/java/org/example/studylog/util/CookieUtil.java
+++ b/src/main/java/org/example/studylog/util/CookieUtil.java
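Review bot: `Arrays.asList(...)` on the new `setAllowedOrigins` line yields a fixed-size list backed by an array, while `List.of("http://localhost:5174", "https://web.studylog.shop")` is the immutable form that matches how the value is used; it also reads the same as the `setAllowedMethods` call below it. With `Collections.singletonList` gone, the `Collections` import is probably unused now — the import block lies outside the hunk, so check it. getCorsConfiguration starts and ends outside the hunk.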
@@ -1,15 +1,16 @@
 package org.example.studylog.util;
 
-import jakarta.servlet.http.Cookie;
+import org.springframework.http.ResponseCookie;
 
 public class CookieUtil {
-    public static Cookie createCookie(String key, String value){
-        Cookie cookie = new Cookie(key, value);
-        cookie.setMaxAge(60*60*60);
-        cookie.setPath("/");
-        cookie.setHttpOnly(true);
-//        cookie.setSecure(true);
-
-        return cookie;
+    public static ResponseCookie createCookie(String key, String value){
+        return ResponseCookie.from(key, value)
+                .httpOnly(true) // JS 접근 불가
+                .path("/") // 모든 경로에서 쿠키 전송
+                .maxAge(60 * 60 * 60) // 유효 시간 (초 단위)
+//                .secure(true) // HTTPS에서만 전송
+//                .domain(".studylog.shop") // 도메인 지정 (서브도메인 포함)
+//                .sameSite("None") // 크로스 도메인 쿠키 허용 시 필요
+                .build();
     }
 }

From 28316975bdcc42c89275f2df7d4e6fdf16f611a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=A0=95=EC=A7=80=EC=9C=A4?=
Date: Sun, 17 Aug 2025 07:55:31 +0900
Subject: [PATCH 3/4] =?UTF-8?q?[Refactor]=20=EB=B0=94=EB=80=90=20=EC=BF=A0?= =?UTF-8?q?=ED=82=A4=20=EB=B3=80=EA=B2=BD=20=EB=A1=9C=EC=A7=81=20=EB=B0=98?= =?UTF-8?q?=EC=98=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/example/studylog/controller/jwt/AuthController.java | 4 +++-
 .../org/example/studylog/oauth2/CustomSuccessHandler.java | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/example/studylog/controller/jwt/AuthController.java b/src/main/java/org/example/studylog/controller/jwt/AuthController.java
index 91d105f..b96b1f5 100644
--- a/src/main/java/org/example/studylog/controller/jwt/AuthController.java
+++ b/src/main/java/org/example/studylog/controller/jwt/AuthController.java
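Review bot: `.maxAge(60 * 60 * 60)` on the new builder chain is 216000 seconds, i.e. 60 hours, which does not match the 24-hour TTL (`86400000L` milliseconds) that the caller in the patch-3 CustomSuccessHandler hunk passes to `tokenService.addRefreshEntity` for the same token; for 36 hours the browser keeps presenting a refresh cookie whose server-side record has already expired, and the odd `60 * 60 * 60` product suggests a typo for one day or 60 days rather than a deliberate value. Express the lifetime once as a `Duration`, e.g. `private static final Duration REFRESH_TTL = Duration.ofDays(1);` and `.maxAge(REFRESH_TTL)`, and derive the `addRefreshEntity` argument from the same constant. The method also has no Javadoc although it now fixes every attribute of the refresh cookie; a summary such as `/** Builds the HttpOnly, path-wide refresh-token cookie; callers emit it via the Set-Cookie header. */` would tell readers which attributes are intentional.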
@@ -15,6 +15,7 @@
 import org.example.studylog.service.TokenService;
 import org.example.studylog.util.CookieUtil;
 import org.example.studylog.util.ResponseUtil;
+import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -66,7 +67,8 @@ public ResponseEntity reissue(HttpServletRequest request, HttpServletResponse
         TokenDTO tokenDTO = tokenService.reissueAccessToken(refresh);
 
         // Refresh 토큰은 쿠키로 전달
-        response.addCookie(CookieUtil.createCookie("refresh", tokenDTO.getRefreshToken()));
+        ResponseCookie cookie = CookieUtil.createCookie("refresh", tokenDTO.getRefreshToken());
+        response.addHeader("Set-Cookie", cookie.toString());
 
         // Access 토큰, code, isNewUser는 body로 전달
         TokenDTO.ResponseDTO dto = TokenDTO.ResponseDTO.builder()
diff --git a/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java b/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java
index a821550..6338c6e 100644
--- a/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java
+++ b/src/main/java/org/example/studylog/oauth2/CustomSuccessHandler.java
@@ -9,6 +9,7 @@
 import org.example.studylog.service.TokenService;
 import org.example.studylog.util.CookieUtil;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
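Review bot: The two new lines in reissue — build the `ResponseCookie`, then `response.addHeader("Set-Cookie", cookie.toString())` — are repeated verbatim in the CustomSuccessHandler hunk of this patch, with the header name as a string literal in both places. Move the emission next to the builder so both call sites stay identical, e.g. `public static void addCookie(HttpServletResponse response, ResponseCookie cookie) { response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); }` in CookieUtil, and call `CookieUtil.addCookie(response, cookie);` here and in the success handler. `addHeader` rather than `setHeader` is the right choice since several Set-Cookie headers must accumulate; a one-line comment saying so would stop a later "cleanup" to `setHeader`. reissue starts and ends outside the hunk.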
@@ -52,7 +53,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         // refresh 토큰 저장
         tokenService.addRefreshEntity(oauthId, refresh, 86400000L);
 
-        response.addCookie(CookieUtil.createCookie("refresh", refresh));
+        // ResponseCookie 생성하여 응답 헤더에 추가
+        ResponseCookie cookie = CookieUtil.createCookie("refresh", refresh);
+        response.addHeader("Set-Cookie", cookie.toString());
 
         // 회원가입 화면으로 리다이렉션(임시: 프론트 로그인 완료 화면으로 변경 예정)
         response.sendRedirect(redirectUri);

From 0c194febc5378a30850d8f80379d3da029af617c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=A0=95=EC=A7=80=EC=9C=A4?=
Date: Sun, 17 Aug 2025 10:41:28 +0900
Subject: [PATCH 4/4] =?UTF-8?q?[Feat]=20=EC=BF=A0=ED=82=A4=EC=97=90=20secu?= =?UTF-8?q?re,=20domain,=20sameSite=20=EC=98=B5=EC=85=98=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/org/example/studylog/util/CookieUtil.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/example/studylog/util/CookieUtil.java b/src/main/java/org/example/studylog/util/CookieUtil.java
index 2ba45a9..10d7af5 100644
--- a/src/main/java/org/example/studylog/util/CookieUtil.java
+++ b/src/main/java/org/example/studylog/util/CookieUtil.java
@@ -8,9 +8,9 @@ public static ResponseCookie createCookie(String key, String value){
                 .httpOnly(true) // JS 접근 불가
                 .path("/") // 모든 경로에서 쿠키 전송
                 .maxAge(60 * 60 * 60) // 유효 시간 (초 단위)
-//                .secure(true) // HTTPS에서만 전송
-//                .domain(".studylog.shop") // 도메인 지정 (서브도메인 포함)
-//                .sameSite("None") // 크로스 도메인 쿠키 허용 시 필요
+                .secure(true) // HTTPS에서만 전송
+                .domain(".studylog.shop") // 도메인 지정 (서브도메인 포함)
+                .sameSite("None") // 크로스 도메인 쿠키 허용 시 필요
                 .build();
     }
 }
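Review bot: `.domain(".studylog.shop")` on the newly enabled line turns the refresh-token cookie into a domain cookie, so every present and future host under studylog.shop receives it on each request, not only the API host that validates it; the leading dot is ignored by browsers (RFC 6265) and narrows nothing. Because the cookie is HttpOnly and only the server reads it, a host-only cookie — simply omitting `.domain(...)` — is normally sufficient unless the API is deliberately served from several hosts, which the series does not show; confirm that before widening the scope. `.sameSite("None")` makes the browser attach this cookie to cross-site requests from any origin, so the endpoints that consume it (reissue in AuthController) must not be reachable through a simple cross-site request: require a JSON content type or a custom request header so the CORS preflight gates the call, or add a CSRF token, and record that decision in a comment on this line. Hard-coding `.secure(true)` alongside the `http://localhost:5174` origin allowed in patch 1 also means browsers may drop the cookie when the API itself is reached over plain http in development; making these three attributes properties (`@Value("${app.cookie.secure:true}")` and the like, injected into a non-static helper) avoids per-environment edits to this file.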