root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Set SameSite default to Lax 

Issue: SPR-16418
This commit is contained in:
Vedran Pavic 2018-07-20 23:19:21 +02:00 committed by Brian Clozel
parent 0def1640f2
commit 82194f4ee0
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
View File

@ -125,7 +125,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
.maxAge(maxAge) .maxAge(maxAge)
.httpOnly(true) .httpOnly(true)
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme())) .secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
.sameSite("Strict"); .sameSite("Lax");
if (this.cookieInitializer != null) { if (this.cookieInitializer != null) {
this.cookieInitializer.accept(cookieBuilder); this.cookieInitializer.accept(cookieBuilder);

6
spring-web/src/test/java/org/springframework/web/server/session/CookieWebSessionIdResolverTests.java
View File

@ -44,13 +44,13 @@ public class CookieWebSessionIdResolverTests {
assertEquals(1, cookies.size()); assertEquals(1, cookies.size());
ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName()); ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName());
assertNotNull(cookie); assertNotNull(cookie);
assertEquals("SESSION=123; Path=/; Secure; HttpOnly; SameSite=Strict", cookie.toString()); assertEquals("SESSION=123; Path=/; Secure; HttpOnly; SameSite=Lax", cookie.toString());
} }
@Test @Test
public void cookieInitializer() { public void cookieInitializer() {
this.resolver.addCookieInitializer(builder -> builder.domain("example.org")); this.resolver.addCookieInitializer(builder -> builder.domain("example.org"));
this.resolver.addCookieInitializer(builder -> builder.sameSite("Lax")); this.resolver.addCookieInitializer(builder -> builder.sameSite("Strict"));
this.resolver.addCookieInitializer(builder -> builder.secure(false)); this.resolver.addCookieInitializer(builder -> builder.secure(false));
MockServerHttpRequest request = MockServerHttpRequest.get("https://example.org/path").build(); MockServerHttpRequest request = MockServerHttpRequest.get("https://example.org/path").build();
@ -61,7 +61,7 @@ public class CookieWebSessionIdResolverTests {
assertEquals(1, cookies.size()); assertEquals(1, cookies.size());
ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName()); ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName());
assertNotNull(cookie); assertNotNull(cookie);
assertEquals("SESSION=123; Path=/; Domain=example.org; HttpOnly; SameSite=Lax", cookie.toString()); assertEquals("SESSION=123; Path=/; Domain=example.org; HttpOnly; SameSite=Strict", cookie.toString());
} }
} }