Skip to content

Commit 74f2dd7

Browse files
authored
merge from main 3
merge from main 3
2 parents e89ae14 + 50fb83e commit 74f2dd7

2 files changed

Lines changed: 11 additions & 2 deletions

File tree

src/main/java/com/bootsignal/global/security/jwt/JwtTokenCookieManager.java

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,14 +35,17 @@ public class JwtTokenCookieManager {
3535

3636
private final boolean cookieSecure;
3737
private final String cookieSameSite;
38+
private final String cookieDomain;
3839
private final SecureRandom secureRandom = new SecureRandom();
3940

4041
public JwtTokenCookieManager(
4142
@Value("${app.security.jwt.cookie.secure:false}") boolean cookieSecure,
42-
@Value("${app.security.jwt.cookie.same-site:Lax}") String cookieSameSite
43+
@Value("${app.security.jwt.cookie.same-site:Lax}") String cookieSameSite,
44+
@Value("${app.security.jwt.cookie.domain:}") String cookieDomain
4345
) {
4446
this.cookieSecure = cookieSecure;
4547
this.cookieSameSite = StringUtils.hasText(cookieSameSite) ? cookieSameSite : "Lax";
48+
this.cookieDomain = StringUtils.hasText(cookieDomain) ? cookieDomain : null;
4649
}
4750

4851
public void addTokenCookies(HttpServletResponse response, LoginResponse loginResponse) {
@@ -124,11 +127,15 @@ private void addExpiredCookie(HttpServletResponse response, String name, String
124127
}
125128

126129
private ResponseCookie.ResponseCookieBuilder baseCookie(String name, String value, String path, boolean httpOnly) {
127-
return ResponseCookie.from(name, value)
130+
ResponseCookie.ResponseCookieBuilder builder = ResponseCookie.from(name, value)
128131
.httpOnly(httpOnly)
129132
.secure(cookieSecure)
130133
.path(path)
131134
.sameSite(cookieSameSite);
135+
if (cookieDomain != null) {
136+
builder = builder.domain(cookieDomain);
137+
}
138+
return builder;
132139
}
133140

134141
private String generateCsrfToken() {

src/main/resources/application-prod.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ app:
2626
# 운영 HTTPS 환경에서는 JWT 쿠키가 평문 HTTP로 전송되지 않도록 Secure 기본값을 true로 둔다.
2727
secure: ${JWT_COOKIE_SECURE:true}
2828
same-site: ${JWT_COOKIE_SAME_SITE:Lax}
29+
# CSRF 쿠키를 프론트(boot-signal.com)에서 JS로 읽으려면 상위 도메인으로 발급해야 한다.
30+
domain: ${JWT_COOKIE_DOMAIN:.boot-signal.com}
2931

3032
logging:
3133
level:

0 commit comments

Comments
 (0)