hotfix(CookieUtils): addCookieToResponse 수정

ssosee · ssosee · commit 475d5995bb6b · 2025-06-29T17:07:55.000+09:00
- SameSite 추가
diff --git a/src/main/java/com/dreamypatisiel/devdevdev/global/utils/CookieUtils.java b/src/main/java/com/dreamypatisiel/devdevdev/global/utils/CookieUtils.java
@@ -11,10 +11,12 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Base64;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.SerializationUtils;
 
-public class CookieUtils {
+public abstract class CookieUtils {
 
     public static final int DEFAULT_MAX_AGE = 180;
     public static final int REFRESH_MAX_AGE = 60 * 60 * 24 * 7;
@@ -27,6 +29,7 @@ public class CookieUtils {
     public static final String DEVDEVDEV_DOMAIN = "devdevdev.co.kr";
     public static final String ACTIVE = "active";
     public static final String INACTIVE = "inactive";
+    public static final String NONE = "None";
 
 
     public static Cookie getRequestCookieByName(HttpServletRequest request, String name) {
@@ -48,14 +51,16 @@ public static String getRequestCookieValueByName(HttpServletRequest request, Str
 
     public static void addCookieToResponse(HttpServletResponse response, String name, String value, int maxAge,
                                            boolean isHttpOnly, boolean isSecure) {
-        Cookie cookie = new Cookie(name, value);
-        cookie.setPath(DEFAULT_PATH);
-        cookie.setHttpOnly(isHttpOnly);
-        cookie.setSecure(isSecure);
-        cookie.setMaxAge(maxAge);
-        cookie.setDomain(DEVDEVDEV_DOMAIN);
-
-        response.addCookie(cookie);
+        ResponseCookie accessCookie = ResponseCookie.from(name, value)
+                .path(DEFAULT_PATH)
+                .domain(DEVDEVDEV_DOMAIN)
+                .maxAge(maxAge)
+                .httpOnly(isHttpOnly)
+                .secure(isSecure)
+                .sameSite(NONE)
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, accessCookie.toString());
     }
 
     // 쿠키를 삭제하려면 클라이언트에게 해당 쿠키가 더 이상 유효하지 않음을 알려야 합니다.
diff --git a/src/test/java/com/dreamypatisiel/devdevdev/global/utils/CookieUtilsTest.java b/src/test/java/com/dreamypatisiel/devdevdev/global/utils/CookieUtilsTest.java
@@ -183,6 +183,7 @@ void addCookie() {
         int maxAge = 100;
         boolean isHttpOnly = true;
         boolean isSecure = false;
+        String sameSite = "None";
 
         // when
         CookieUtils.addCookieToResponse(response, name, value, maxAge, isHttpOnly, isSecure);
@@ -195,7 +196,8 @@ void addCookie() {
                 () -> assertThat(cookie.getValue()).isEqualTo(value),
                 () -> assertThat(cookie.getMaxAge()).isEqualTo(maxAge),
                 () -> assertThat(cookie.isHttpOnly()).isEqualTo(isHttpOnly),
-                () -> assertThat(cookie.getSecure()).isEqualTo(isSecure)
+                () -> assertThat(cookie.getSecure()).isEqualTo(isSecure),
+                () -> assertThat(cookie.getAttribute("SameSite")).isEqualTo(sameSite)
         );
     }
 
