From ac879f8e3854daa2a87cbe85a83ba0a4faa1e8bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9D=B4=EC=8A=B9=EC=A4=80?= <105282117+sengjun0624@users.noreply.github.com>
Date: Thu, 5 Jun 2025 14:10:17 +0900
Subject: [PATCH] =?UTF-8?q?:bug:=20Fix:=20Cookie=EC=97=90=20=20CrossDomain?= =?UTF-8?q?=EC=9D=84=20=ED=97=88=EC=9A=A9=20(#63)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../admin/controller/AdminAuthController.java | 140 +++++++++---------
 1 file changed, 71 insertions(+), 69 deletions(-)
diff --git a/src/main/java/dev/admin/admin/controller/AdminAuthController.java b/src/main/java/dev/admin/admin/controller/AdminAuthController.java
index 35f9c4e..1569860 100644
--- a/src/main/java/dev/admin/admin/controller/AdminAuthController.java
+++ b/src/main/java/dev/admin/admin/controller/AdminAuthController.java
@@ -9,6 +9,7 @@
 import dev.admin.global.apiPayload.ApiResponse;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
@@ -18,73 +19,74 @@
 @RequiredArgsConstructor
 public class AdminAuthController {
- private final AdminAuthCommandService authCommandService;
- private final JwtUtil jwtUtil;
-
- @PostMapping("/login")
- public ApiResponse login(@RequestBody LoginRequestDto requestDto, HttpServletResponse response) {
- JwtDto tokenDto = authCommandService.login(requestDto);
-
- ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", tokenDto.getAccessToken())
- .httpOnly(true)
- .secure(false)
- .path("/")
- .sameSite("Lax")
- .maxAge(60 * 60)
- .build();
-
- ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", tokenDto.getRefreshToken())
- .httpOnly(true)
- .secure(false)
- .path("/")
- .sameSite("Lax")
- .maxAge(7 * 24 * 60 * 60)
- .build();
-
- response.addHeader("Set-Cookie", accessTokenCookie.toString());
- response.addHeader("Set-Cookie", refreshTokenCookie.toString());
-
- return ApiResponse.onSuccess(tokenDto);
- }
-
- @PostMapping("/logout")
- public ApiResponse logout(@CookieValue("refreshToken") String refreshToken,
- HttpServletResponse response) {
- authCommandService.logout(refreshToken);
-
- ResponseCookie clearAccessToken = ResponseCookie.from("accessToken", "")
- .httpOnly(true)
- .secure(false)
- .path("/")
- .maxAge(0)
- .sameSite("Lax")
- .build();
-
- ResponseCookie clearRefreshToken = ResponseCookie.from("refreshToken", "")
- .httpOnly(true)
- .secure(false)
- .path("/")
- .maxAge(0)
- .sameSite("Lax")
- .build();
-
- response.addHeader("Set-Cookie", clearAccessToken.toString());
- response.addHeader("Set-Cookie", clearRefreshToken.toString());
-
- return ApiResponse.onSuccess(null);
- }
-
- @GetMapping("/me")
- public ApiResponse me(@CookieValue("accessToken") String accessToken) {
- JwtPayload payload = jwtUtil.parseToken(accessToken);
-
- AdminInfoResponse info = new AdminInfoResponse(
- payload.getSub(),
- payload.getEmail(),
- payload.getName(),
- payload.getRole()
- );
-
- return ApiResponse.onSuccess(info);
- }
+ private final AdminAuthCommandService authCommandService;
+ private final JwtUtil jwtUtil;
+
+ @PostMapping("/login")
+ public ApiResponse login(@RequestBody LoginRequestDto requestDto, HttpServletResponse response) {
+ JwtDto tokenDto = authCommandService.login(requestDto);
+
+ ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", tokenDto.getAccessToken())
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .sameSite("None")
+ .maxAge(60 * 60)
+ .build();
+
+ ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", tokenDto.getRefreshToken())
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .sameSite("None")
+ .maxAge(7 * 24 * 60 * 60)
+ .build();
+
+ response.addHeader("Set-Cookie", accessTokenCookie.toString());
+ response.addHeader("Set-Cookie", refreshTokenCookie.toString());
+
+ return ApiResponse.onSuccess(tokenDto);
+ }
+
+ @PostMapping("/logout")
+ public ApiResponse logout(@CookieValue("refreshToken") String refreshToken,
+ HttpServletResponse response) {
+ authCommandService.logout(refreshToken);
+
+ ResponseCookie clearAccessToken = ResponseCookie.from("accessToken", "")
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .sameSite("None")
+ .maxAge(0)
+ .build();
+
+ ResponseCookie clearRefreshToken = ResponseCookie.from("refreshToken", "")
+ .httpOnly(true)
+ .secure(true)
+ .path("/")
+ .sameSite("None")
+ .maxAge(0)
+ .build();
+
+
+ response.addHeader("Set-Cookie", clearAccessToken.toString());
+ response.addHeader("Set-Cookie", clearRefreshToken.toString());
+
+ return ApiResponse.onSuccess(null);
+ }
+
+ @GetMapping("/me")
+ public ApiResponse me(@CookieValue("accessToken") String accessToken) {
+ JwtPayload payload = jwtUtil.parseToken(accessToken);
+
+ AdminInfoResponse info = new AdminInfoResponse(
+ payload.getSub(),
+ payload.getEmail(),
+ payload.getName(),
+ payload.getRole()
+ );
+
+ return ApiResponse.onSuccess(info);
+ }
 }
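Review bot: Moving both cookies from `sameSite("Lax")` to `sameSite("None")` removes the cross-site request protection that `Lax` provided, and the hunk adds no replacement: `POST /logout` takes only the `refreshToken` cookie (no JSON body, so no CORS preflight), so unless CSRF protection is enabled elsewhere in the application a plain form submission from any origin now carries the cookie and invalidates the admin's session. The same applies to the credentialed `/me` and `/login` requests, whose exposure now rests entirely on the CORS allow-list for `Access-Control-Allow-Origin` with credentials, which this commit does not show; that configuration (or an Origin/Referer check, or a CSRF token) should land together with this change. Suggest recording the dependency next to the cookie builders, e.g. `// SameSite=None: the cookie is sent on cross-site requests, so CSRF protection relies on the CORS allow-list / Origin check`. Separately, `login` still returns `tokenDto` in the JSON body after placing the same tokens in HttpOnly cookies, which exposes them to page scripts and undoes the benefit of `httpOnly(true)`; returning `ApiResponse.onSuccess(null)` as `logout` does keeps the tokens cookie-only, provided the front end does not read them from the body.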