fix: 쿠키 삭제 시 설정 일치 #384

woowacourse-teams · Oct 24, 2024 · b910cd9 · b910cd9
1 parent d1a575a
commit b910cd9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/backend/src/main/java/ddangkong/controller/room/RoomController.java b/backend/src/main/java/ddangkong/controller/room/RoomController.java
@@ -84,9 +84,10 @@ public RoomJoinResponse joinRoom(@PathVariable String uuid,
     @DeleteMapping("/balances/rooms/{roomId}/members/{memberId}")
     public void leaveRoom(@PathVariable @Positive Long roomId,
                           @PathVariable @Positive Long memberId,
+                          HttpServletRequest request,
                           HttpServletResponse response) {
         roomFacade.leaveRoom(roomId, memberId);
-        deleteCookie(response);
+        deleteCookie(request, response);
     }
 
     @ResponseStatus(HttpStatus.NO_CONTENT)
@@ -133,8 +134,10 @@ private void setEncryptCookie(HttpServletRequest request,
         response.addHeader(HttpHeaders.SET_COOKIE, encodedCookie.toString());
     }
 
-    private void deleteCookie(HttpServletResponse response) {
-        ResponseCookie deleteCookie = roomMemberCookieEncryptor.deleteCookie();
+    private void deleteCookie(HttpServletRequest request,
+                              HttpServletResponse response) {
+        String origin = request.getHeader(HttpHeaders.ORIGIN);
+        ResponseCookie deleteCookie = roomMemberCookieEncryptor.deleteCookie(origin);
         response.addHeader(HttpHeaders.SET_COOKIE, deleteCookie.toString());
     }
 }
diff --git a/backend/src/main/java/ddangkong/controller/room/RoomMemberCookieEncryptor.java b/backend/src/main/java/ddangkong/controller/room/RoomMemberCookieEncryptor.java
@@ -8,7 +8,6 @@
 @Component
 public class RoomMemberCookieEncryptor {
 
-    private static final String ROOT_PATH = "/";
     private static final String DEFAULT_PATH = "/api/balances/rooms";
     private static final String LOCALHOST = "http://localhost";
 
@@ -31,11 +30,12 @@ public ResponseCookie getEncodedCookie(Object value, String origin) {
                 .build();
     }
 
-    public ResponseCookie deleteCookie() {
+    public ResponseCookie deleteCookie(String origin) {
         return ResponseCookie.from(rejoinKey, null)
                 .httpOnly(true)
                 .secure(true)
-                .path(ROOT_PATH)
+                .path(DEFAULT_PATH)
+                .sameSite(getSameSiteOption(origin))
                 .maxAge(0)
                 .build();
     }