fix(audit): origin_domain 추출 시 Referer 헤더 fallback 추가

same-origin 요청(guide→guide)은 Origin 헤더가 없으므로 Referer 헤더에서 도메인을 추출하도록 fallback 로직 추가 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 17:37:41 +09:00 · 2026-02-17 17:37:41 +09:00 · 710cb1d0f6
--- a/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java
+++ b/src/main/java/com/gcsc/guide/config/ApiAccessLogInterceptor.java
@ -49,7 +49,8 @@ public class ApiAccessLogInterceptor implements HandlerInterceptor {
                }
            }

-            String originDomain = extractOriginDomain(request.getHeader("Origin"));
+            String originDomain = resolveOriginDomain(
+                request.getHeader("Origin"), request.getHeader("Referer"));

            String queryString = request.getQueryString();
            if (queryString != null && queryString.length() > 2000) {
@ -75,14 +76,15 @@ public class ApiAccessLogInterceptor implements HandlerInterceptor {
        }
    }

-    private String extractOriginDomain(String origin) {
-        if (origin == null || origin.isBlank()) {
+    private String resolveOriginDomain(String origin, String referer) {
+        String url = (origin != null && !origin.isBlank()) ? origin : referer;
+        if (url == null || url.isBlank()) {
            return null;
        }
        try {
-            return URI.create(origin).getHost();
+            return URI.create(url).getHost();
        } catch (Exception e) {
-            return origin;
+            return null;
        }
    }
 }