From 710cb1d0f6bf10161602b3f98915831ed35a4a90 Mon Sep 17 00:00:00 2001
From: htlee
Date: Tue, 17 Feb 2026 17:37:41 +0900
Subject: [PATCH] =?UTF-8?q?fix(audit):=20origin=5Fdomain=20=EC=B6=94?= =?UTF-8?q?=EC=B6=9C=20=EC=8B=9C=20Referer=20=ED=97=A4=EB=8D=94=20fallback?= =?UTF-8?q?=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
same-origin 요청(guide→guide)은 Origin 헤더가 없으므로 Referer 헤더에서 도메인을 추출하도록 fallback 로직 추가
Co-Authored-By: Claude Opus 4.6
---
 .../gcsc/guide/config/ApiAccessLogInterceptor.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java b/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java
index d1db598..c3de261 100644
--- a/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java
+++ b/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java
@@ -49,7 +49,8 @@ public class ApiAccessLogInterceptor implements HandlerInterceptor {
 }
 }
- String originDomain = extractOriginDomain(request.getHeader("Origin"));
+ String originDomain = resolveOriginDomain(
+ request.getHeader("Origin"), request.getHeader("Referer"));
 String queryString = request.getQueryString();
 if (queryString != null && queryString.length() > 2000) {
@@ -75,14 +76,15 @@ public class ApiAccessLogInterceptor implements HandlerInterceptor {
 }
 }
- private String extractOriginDomain(String origin) {
- if (origin == null || origin.isBlank()) {
+ private String resolveOriginDomain(String origin, String referer) {
+ String url = (origin != null && !origin.isBlank()) ? origin : referer;
+ if (url == null || url.isBlank()) {
 return null;
 }
 try {
- return URI.create(origin).getHost();
+ return URI.create(url).getHost();
 } catch (Exception e) {
- return origin;
+ return null;
 }
 }
 }
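Review bot: `originDomain` gets no length check at this call site, while `queryString` two lines below is checked against 2000 characters, and with this change the value can also come from the client-supplied `Referer` header. If the audit column has a fixed width (not visible here), an overlong host would presumably make the insert fail and the access record would be lost. Consider bounding it the same way, e.g. `if (originDomain != null && originDomain.length() > MAX_DOMAIN_LEN) originDomain = originDomain.substring(0, MAX_DOMAIN_LEN);`, where `MAX_DOMAIN_LEN` is a placeholder for the column width. The enclosing method starts and ends outside the hunk, so an existing bound elsewhere cannot be ruled out.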
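Review bot: `resolveOriginDomain` returns a host taken from either `Origin` or `Referer` without recording which header supplied it, so the audit field loses provenance. Both headers are set by the client, so the method should carry a comment that the result is informational only, e.g. `// Client-supplied (Origin, else Referer); audit display only, never an input to authorization.` When `Origin` is present but unparsable or yields no host (for instance the literal `null` origin), the method returns null without trying `Referer`, and malformed values are no longer kept in any form; if that is intended, the comment should say so. The `catch (Exception e)` can be narrowed to `catch (IllegalArgumentException e)`, which is what `URI.create` throws for bad syntax.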