Skip to content

Commit fca431d

Browse files
committed
Revert "fix: CSRF 토큰 폴백 엔드포인트 추가 (GET /api/auth/csrf-token)"
This reverts commit a6b7125.
1 parent a6b7125 commit fca431d

2 files changed

Lines changed: 1 addition & 10 deletions

File tree

src/main/java/com/bootsignal/domain/auth/controller/AuthController.java

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@
1313
import com.bootsignal.domain.auth.dto.SignupRequest;
1414
import com.bootsignal.domain.auth.dto.SignupResponse;
1515
import com.bootsignal.domain.auth.service.AuthService;
16-
import com.bootsignal.global.response.ApiResponse;
1716
import com.bootsignal.global.security.jwt.JwtTokenCookieManager;
1817
import jakarta.servlet.http.HttpServletRequest;
1918
import jakarta.servlet.http.HttpServletResponse;
@@ -110,11 +109,4 @@ public void logout(HttpServletRequest request, HttpServletResponse response) {
110109
jwtTokenCookieManager.clearTokenCookies(response);
111110
}
112111
}
113-
114-
// JS가 쿠키 도메인 불일치로 XSRF-TOKEN을 읽지 못하는 경우의 폴백 엔드포인트.
115-
// CORS로 허용된 오리진만 응답을 읽을 수 있으므로 토큰 노출 위험이 없다.
116-
@GetMapping("/csrf-token")
117-
public ApiResponse<String> csrfToken(HttpServletRequest request) {
118-
return ApiResponse.success(jwtTokenCookieManager.resolveCsrfToken(request));
119-
}
120112
}

src/main/java/com/bootsignal/global/config/SecurityConfig.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -67,8 +67,7 @@ public SecurityFilterChain securityFilterChain(
6767
"/api/auth/refresh",
6868
"/api/auth/logout",
6969
"/api/auth/password/forgot",
70-
"/api/auth/password/reset",
71-
"/api/auth/csrf-token"
70+
"/api/auth/password/reset"
7271
).permitAll()
7372
.requestMatchers(HttpMethod.GET, "/api/courses", "/api/courses/**").permitAll()
7473
.requestMatchers(HttpMethod.GET, "/api/course-sessions/**").permitAll()

0 commit comments

Comments
 (0)