Team-Tokkit · sengjun0624 · Jun 5, 2025 · Jun 5, 2025
diff --git a/src/main/java/dev/admin/admin/controller/AdminAuthController.java b/src/main/java/dev/admin/admin/controller/AdminAuthController.java
@@ -9,6 +9,7 @@
 import dev.admin.global.apiPayload.ApiResponse;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+
 import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
@@ -18,73 +19,74 @@
 @RequiredArgsConstructor
 public class AdminAuthController {
 
-    private final AdminAuthCommandService authCommandService;
-    private final JwtUtil jwtUtil;
-
-    @PostMapping("/login")
-    public ApiResponse<JwtDto> login(@RequestBody LoginRequestDto requestDto, HttpServletResponse response) {
-        JwtDto tokenDto = authCommandService.login(requestDto);
-
-        ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", tokenDto.getAccessToken())
-                .httpOnly(true)
-                .secure(false)
-                .path("/")
-                .sameSite("Lax")
-                .maxAge(60 * 60)
-                .build();
-
-        ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", tokenDto.getRefreshToken())
-                .httpOnly(true)
-                .secure(false)
-                .path("/")
-                .sameSite("Lax")
-                .maxAge(7 * 24 * 60 * 60)
-                .build();
-
-        response.addHeader("Set-Cookie", accessTokenCookie.toString());
-        response.addHeader("Set-Cookie", refreshTokenCookie.toString());
-
-        return ApiResponse.onSuccess(tokenDto);
-    }
-
-    @PostMapping("/logout")
-    public ApiResponse<Void> logout(@CookieValue("refreshToken") String refreshToken,
-                                       HttpServletResponse response) {
-        authCommandService.logout(refreshToken);
-
-        ResponseCookie clearAccessToken = ResponseCookie.from("accessToken", "")
-                .httpOnly(true)
-                .secure(false)
-                .path("/")
-                .maxAge(0)
-                .sameSite("Lax")
-                .build();
-
-        ResponseCookie clearRefreshToken = ResponseCookie.from("refreshToken", "")
-                .httpOnly(true)
-                .secure(false)
-                .path("/")
-                .maxAge(0)
-                .sameSite("Lax")
-                .build();
-
-        response.addHeader("Set-Cookie", clearAccessToken.toString());
-        response.addHeader("Set-Cookie", clearRefreshToken.toString());
-
-        return ApiResponse.onSuccess(null);
-    }
-
-    @GetMapping("/me")
-    public ApiResponse<AdminInfoResponse> me(@CookieValue("accessToken") String accessToken) {
-        JwtPayload payload = jwtUtil.parseToken(accessToken);
-
-        AdminInfoResponse info = new AdminInfoResponse(
-                payload.getSub(),
-                payload.getEmail(),
-                payload.getName(),
-                payload.getRole()
-        );
-
-        return ApiResponse.onSuccess(info);
-    }
+	private final AdminAuthCommandService authCommandService;
+	private final JwtUtil jwtUtil;
+
+	@PostMapping("/login")
+	public ApiResponse<JwtDto> login(@RequestBody LoginRequestDto requestDto, HttpServletResponse response) {
+		JwtDto tokenDto = authCommandService.login(requestDto);
+
+		ResponseCookie accessTokenCookie = ResponseCookie.from("accessToken", tokenDto.getAccessToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.sameSite("None")
+			.maxAge(60 * 60)
+			.build();
+
+		ResponseCookie refreshTokenCookie = ResponseCookie.from("refreshToken", tokenDto.getRefreshToken())
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.sameSite("None")
+			.maxAge(7 * 24 * 60 * 60)
+			.build();
+
+		response.addHeader("Set-Cookie", accessTokenCookie.toString());
+		response.addHeader("Set-Cookie", refreshTokenCookie.toString());
+
+		return ApiResponse.onSuccess(tokenDto);
+	}
+
+	@PostMapping("/logout")
+	public ApiResponse<Void> logout(@CookieValue("refreshToken") String refreshToken,
+		HttpServletResponse response) {
+		authCommandService.logout(refreshToken);
+
+		ResponseCookie clearAccessToken = ResponseCookie.from("accessToken", "")
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.sameSite("None")
+			.maxAge(0)
+			.build();
+
+		ResponseCookie clearRefreshToken = ResponseCookie.from("refreshToken", "")
+			.httpOnly(true)
+			.secure(true)
+			.path("/")
+			.sameSite("None")
+			.maxAge(0)
+			.build();
+
+
+		response.addHeader("Set-Cookie", clearAccessToken.toString());
+		response.addHeader("Set-Cookie", clearRefreshToken.toString());
+
+		return ApiResponse.onSuccess(null);
+	}
+
+	@GetMapping("/me")
+	public ApiResponse<AdminInfoResponse> me(@CookieValue("accessToken") String accessToken) {
+		JwtPayload payload = jwtUtil.parseToken(accessToken);
+
+		AdminInfoResponse info = new AdminInfoResponse(
+			payload.getSub(),
+			payload.getEmail(),
+			payload.getName(),
+			payload.getRole()
+		);
+
+		return ApiResponse.onSuccess(info);
+	}
 }