sso url 하드코딩 수정

브라우저 탭 문구 수정
2026-01-16 14:01:01 +09:00 · 2026-01-16 13:39:49 +09:00
4 changed files with 15 additions and 6 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -1 +1,2 @@
-JWT_SECRET=your_jwt_secret_key_here
+JWT_SECRET=your_jwt_secret_key_here
+SSO_URL=sso_url_here
--- a/sso-demo/public/js/sso.js
+++ b/sso-demo/public/js/sso.js
@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
    if (ssoLoginButton) {
        ssoLoginButton.addEventListener('click', () => {
            // Open the SSO provider's login page in a popup
-            const ssoUrl = 'https://sso.hmac.kr/'; // Real SSO provider URL
+            
            const popupWidth = 500;
            const popupHeight = 600;
            const left = (screen.width / 2) - (popupWidth / 2);
@@ -19,8 +19,9 @@ document.addEventListener('DOMContentLoaded', () => {
            // Listen for a message from the popup
            window.addEventListener('message', (event) => {
                // IMPORTANT: Verify the origin of the message for security
-                if (event.origin !== 'https://sso.hmac.kr') {
-                    console.warn('Received message from untrusted origin:', event.origin);
+                const ssoOrigin = new URL(ssoUrl).origin;
+                if (event.origin !== ssoOrigin) {
+                    console.warn(`Received message from untrusted origin: ${event.origin}, expected: ${ssoOrigin}`);
                    return;
                }

--- a/sso-demo/routes/index.js
+++ b/sso-demo/routes/index.js
@@ -4,7 +4,10 @@ const router = express.Router();
 // GET home page
 router.get('/', (req, res, next) => {
    // The ssoHandler middleware has already attached the user to res.locals
-    res.render('index', { user: res.locals.user });
+    res.render('index', { 
+        user: res.locals.user,
+        ssoUrl: process.env.SSO_URL // Pass SSO_URL to the template
+    });
 });

 // GET logout
--- a/sso-demo/views/index.ejs
+++ b/sso-demo/views/index.ejs
@@ -3,7 +3,7 @@
 <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Express SSO Login Demo</title>
+    <title>ExpressJS SSO Login Demo</title>
    <link rel="stylesheet" href="/css/style.css">
 </head>
 <body>
@@ -69,6 +69,10 @@
        </main>
    </div>

+    <script>
+        // Pass the SSO URL from the server (via the template) to the client-side JS
+        const ssoUrl = '<%= ssoUrl %>';
+    </script>
    <script src="/js/sso.js"></script>
 </body>
 </html>
Author	SHA1	Message	Date
kyy	3f403e53ce	sso url 하드코딩 수정	2026-01-16 14:01:01 +09:00
kyy	c7af13f749	브라우저 탭 문구 수정	2026-01-16 13:39:49 +09:00