diff --git a/src/main/java/WELLET/welletServer/config/CorsMvcConfig.java b/src/main/java/WELLET/welletServer/config/CorsMvcConfig.java
deleted file mode 100644
index d7ee7b7..0000000
--- a/src/main/java/WELLET/welletServer/config/CorsMvcConfig.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package WELLET.welletServer.config;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@Configuration
-public class CorsMvcConfig implements WebMvcConfigurer {
-
- @Value("${cors.allowed.origin}")
- private String frontendUrl;
-
- @Override
- public void addCorsMappings(CorsRegistry corsRegistry) {
-
- corsRegistry.addMapping("/**")
- .exposedHeaders("Set-Cookie")
- .allowedOrigins("http://localhost:8000")
- .allowedOrigins(frontendUrl);// 프론트 서버 주소
- }
-}
diff --git a/src/main/java/WELLET/welletServer/config/SecurityConfig.java b/src/main/java/WELLET/welletServer/config/SecurityConfig.java
index 48520a3..dea3bc5 100644
--- a/src/main/java/WELLET/welletServer/config/SecurityConfig.java
+++ b/src/main/java/WELLET/welletServer/config/SecurityConfig.java
@@ -51,8 +51,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(request -> {
 request.requestMatchers(
-// antMatcher("/health")
+ antMatcher("/health"),
 antMatcher("/login"),
+ antMatcher("/home"),
 antMatcher("/**")
 ).permitAll()
 .anyRequest().authenticated();
diff --git a/src/main/java/WELLET/welletServer/kakaologin/controller/KakaoLoginController.java b/src/main/java/WELLET/welletServer/kakaologin/controller/KakaoLoginController.java
index d529c87..6fcd29d 100644
--- a/src/main/java/WELLET/welletServer/kakaologin/controller/KakaoLoginController.java
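Review bot: In `SecurityConfig.filterChain` the permit list still ends with `antMatcher("/**")`, so the newly listed `/health` and `/home` entries change nothing: every path matches `permitAll()` and `.anyRequest().authenticated()` never applies. With `.csrf(AbstractHttpConfigurer::disable)` two lines above, the filter chain as shown enforces neither authentication nor CSRF protection on any route. If only these three paths are meant to be public, drop the wildcard so the list reads `antMatcher("/health"), antMatcher("/login"), antMatcher("/home")`. The body of `filterChain` starts and ends outside the hunk, so any restriction applied elsewhere is not visible here.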
+++ b/src/main/java/WELLET/welletServer/kakaologin/controller/KakaoLoginController.java @@ -91,23 +91,23 @@ public String callback(@RequestParam("code") String code, HttpServletResponse re String jwtToken = jwtService.generateToken(member); // 생성된 또는 업데이트된 사용자로 JWT 생성 // //// // 5. 쿠키에 JWT 저장 -// Cookie jwtCookie = new Cookie("jwtToken", jwtToken); -// jwtCookie.setHttpOnly(true); // JavaScript로 쿠키에 접근 불가 -// jwtCookie.setSecure(false); // HTTPS에서만 전송 -// jwtCookie.setMaxAge(60 * 60 * 24); // 쿠키 유효 시간 설정 -// jwtCookie.setPath("/"); // 쿠키를 모든 경로에 적용 -// + Cookie jwtCookie = new Cookie("jwtToken", jwtToken); + jwtCookie.setHttpOnly(true); // JavaScript로 쿠키에 접근 불가 + jwtCookie.setSecure(true); // HTTPS에서만 전송 + jwtCookie.setMaxAge(60 * 60 * 24); // 쿠키 유효 시간 설정 + jwtCookie.setPath("/"); // 쿠키를 모든 경로에 적용 + // jwtCookie.setDomain(frontendUrl); -// response.addCookie(jwtCookie); - - ResponseCookie jwtCookie = ResponseCookie.from("jwtToken", jwtToken) - .httpOnly(true) - .secure(true) - .path("/") - .sameSite("None") - .maxAge(60 * 60 * 24) - .build(); - response.addHeader(HttpHeaders.SET_COOKIE, jwtCookie.toString()); + response.addCookie(jwtCookie); + +// ResponseCookie jwtCookie = ResponseCookie.from("jwtToken", jwtToken) +// .httpOnly(true) +//// .secure(true) +// .path("/") +// .sameSite("None") +// .maxAge(60 * 60 * 24) +// .build(); +// response.addHeader(HttpHeaders.SET_COOKIE, jwtCookie.toString()); // 리다이렉트 URL 설정
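Review bot: In `KakaoLoginController.callback` the re-enabled servlet `Cookie` sets no SameSite attribute, whereas the `ResponseCookie` it replaces stated `sameSite("None")` explicitly, so the `jwtToken` cookie now falls back to each browser's default. Because the JWT travels in a cookie and CSRF protection is disabled in `SecurityConfig` (context line of that file's hunk), SameSite is the main remaining guard against cross-site requests and should be a deliberate, visible choice. Either keep the builder form with an explicit value such as `.sameSite("Lax")` next to `.secure(true)`, or, if the project is on Servlet 6.0 or later, add `jwtCookie.setAttribute("SameSite", "Lax");` before `response.addCookie(jwtCookie);`; if the frontend really is cross-site and needs `None`, CSRF protection should be turned back on. The commented-out `ResponseCookie` block is dead code and is better deleted than carried in the method. The body of `callback` starts and ends outside the hunk.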