refactor: 쿠키 정책 변경 - 환경에 따른 Domain과 SameSite=Lax (#461)

* style: 불필요한 개행 제거

- 두 줄이 개행되어있었다.

* refactor: SameSite를 Lax로 고정

* refactor: Domain에 따라 SameSite분기하던 코드 제거

* chore: 서브모듈 업데이트

Author: nayonsoso

src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java

@@ -10,6 +10,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.util.Arrays;
 import lombok.RequiredArgsConstructor;
+import org.springframework.boot.web.server.Cookie.SameSite;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Component;
@@ -46,7 +47,7 @@ private void setRefreshTokenCookie(
                 .path(PATH)
                 .maxAge(maxAge)
                 .domain(properties.cookieDomain())
-                .sameSite(properties.sameSite())
+                .sameSite(SameSite.LAX.attributeValue())
                 .build();
         response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
     }
@@ -72,4 +73,3 @@ public String getRefreshToken(HttpServletRequest request) {
         return refreshToken;
     }
 }
-

src/main/java/com/example/solidconnection/auth/controller/config/RefreshTokenCookieProperties.java

@@ -1,21 +1,10 @@
 package com.example.solidconnection.auth.controller.config;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.web.server.Cookie.SameSite;
 
 @ConfigurationProperties(prefix = "token.refresh")
 public record RefreshTokenCookieProperties(
         String cookieDomain
 ) {
 
-    public String sameSite() {
-        if (isDomainSet()) {
-            return SameSite.STRICT.attributeValue(); // 도메인을 지정한 경우 SameSite=Strict
-        }
-        return SameSite.NONE.attributeValue(); // 도메인을 지정하지 않은 경우 SameSite=None
-    }
-
-    private boolean isDomainSet() {
-        return cookieDomain != null && !cookieDomain.isBlank();
-    }
 }

src/main/resources/secret

@@ -19,6 +19,7 @@
 import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.boot.web.server.Cookie.SameSite;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 
@@ -34,13 +35,11 @@ class RefreshTokenCookieManagerTest {
     @MockBean
     private RefreshTokenCookieProperties refreshTokenCookieProperties;
 
-    private final String sameSite = "Strict";
     private final String domain = "example.com";
 
     @BeforeEach
     void setUp() {
         given(refreshTokenCookieProperties.cookieDomain()).willReturn(domain);
-        given(refreshTokenCookieProperties.sameSite()).willReturn(sameSite);
     }
 
     @Test
@@ -62,7 +61,7 @@ void setUp() {
                 () -> assertThat(header).contains("Path=/"),
                 () -> assertThat(header).contains("Max-Age=" + TokenType.REFRESH.getExpireTime() / 1000),
                 () -> assertThat(header).contains("Domain=" + domain),
-                () -> assertThat(header).contains("SameSite=" + sameSite)
+                () -> assertThat(header).contains("SameSite=" + SameSite.LAX.attributeValue())
         );
     }
 
@@ -84,7 +83,7 @@ void setUp() {
                 () -> assertThat(header).contains("Path=/"),
                 () -> assertThat(header).contains("Max-Age=0"),
                 () -> assertThat(header).contains("Domain=" + domain),
-                () -> assertThat(header).contains("SameSite=" + sameSite)
+                () -> assertThat(header).contains("SameSite=" + SameSite.LAX.attributeValue())
         );
     }