KW-ClassLog · mumminn · Oct 19, 2025 · Oct 19, 2025
diff --git a/backend/src/main/java/org/example/backend/domain/user/service/AuthServiceImpl.java b/backend/src/main/java/org/example/backend/domain/user/service/AuthServiceImpl.java
@@ -181,8 +181,12 @@ private LoginResponseDTO.KakaoLoginResponse kakaoUserLogin(HashMap<String, Objec
         response.addHeader("Authorization","Bearer "+accessToken);
 
         // refresh token 응답 Header
+//        response.addHeader("Set-Cookie","refresh_token="+refreshToken+
+//                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+
+        // 테스트용 쿠키 설정
         response.addHeader("Set-Cookie","refresh_token="+refreshToken+
-                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+                "; HttpOnly; SameSite=Lax; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
 
         // role 기반으로 온보딩 여부 판단
         boolean onboardingRequired = user.getRole() == Role.UNKNOWN;
@@ -218,7 +222,11 @@ public void kakaoOnboarding(OnboardingRequestDTO dto, HttpServletResponse respon
         response.addHeader("Authorization","Bearer "+accessToken);
 
         // refresh token 응답 Header
+//        response.addHeader("Set-Cookie","refresh_token="+refreshToken+
+//                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+
+        // 테스트용 쿠키 설정
         response.addHeader("Set-Cookie","refresh_token="+refreshToken+
-                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+                "; HttpOnly; SameSite=Lax; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
     }
 }
diff --git a/backend/src/main/java/org/example/backend/global/security/filter/LoginFilter.java b/backend/src/main/java/org/example/backend/global/security/filter/LoginFilter.java
@@ -96,8 +96,12 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
         response.addHeader("Authorization","Bearer "+accessToken);
 
         // refresh token 응답 Header
+//        response.addHeader("Set-Cookie","refresh_token="+refreshToken+
+//                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+
+        // 테스트용 쿠키 설정
         response.addHeader("Set-Cookie","refresh_token="+refreshToken+
-                "; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
+                "; HttpOnly; SameSite=Lax; Path=/; Max-Age=" + (14 * 24 * 60 * 60));
 
         // 응답 body
         response.setStatus(HttpServletResponse.SC_OK);