fix: authorization-token을 헤더에 넣기

CERT-IS · Aug 27, 2024 · bf822a9 · bf822a9
1 parent 9e8e404
commit bf822a9
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/main/java/certis/CertisHomepage/web/controller/UserController.java b/src/main/java/certis/CertisHomepage/web/controller/UserController.java
@@ -69,12 +69,13 @@ public ResponseEntity<TokenResponse> login(
 
         var response = userService.login(userLoginRequest);
 
+        String accesstoken = response.getAccessToken();
         String refreshToken = response.getRefreshToken();
 
         long refreshTokenMaxAge = Duration.between(LocalDateTime.now(), response.getRefreshTokenExpiredAt()).getSeconds();
 
         ResponseCookie refreshTokenCookie =  ResponseCookie.from("refresh-token",refreshToken)
-                .httpOnly(true)
+                .httpOnly(false) // js에서 쿠키확인을 못함
                 .path("/")
                 .maxAge(refreshTokenMaxAge)
                 .secure(false) //https 환경에서만 쿠키가 발동 이거는 애매하네.
@@ -83,6 +84,7 @@ public ResponseEntity<TokenResponse> login(
 
         return ResponseEntity.ok()
                 .header(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString())
+                .header("authorization-token", accesstoken)
                 .body(response);
 
     }