Do you know any Java cookie implementation that allows setting a custom flag for a cookie, like SameSite=strict? It seems that javax.servlet.http.Cookie has a str
If using Spring Boot with Tomcat then this has been answered in another question. In summary, set the attribute on the Tomcat config. This is global; all cookies will then have SameSite enabled. (From the other question: https://stackoverflow.com/a/60860531/400048)
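import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.SameSiteCookies;
import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MvcConfiguration implements WebMvcConfigurer {
    // Applies to every cookie Tomcat writes; SameSiteCookies also offers LAX and STRICT.
    @Bean
    public TomcatContextCustomizer sameSiteCookiesConfig() {
        return context -> {
            final Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor();
            cookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
            context.setCookieProcessor(cookieProcessor);
        };
    }
}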
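
For the per-cookie case the question asks about, here is an added example (not code from either answer): javax.servlet.http.Cookie has no SameSite setter, so the helper below builds the Set-Cookie value itself, to be passed to HttpServletResponse.addHeader. The class name SameSiteCookieHeader, its method names and the fixed Path=/ are assumptions made for illustration.

```java
import java.time.Duration;

// Added example: hypothetical helper, JDK only, builds one Set-Cookie header
// value with a per-cookie SameSite attribute. Path is fixed to "/" here.
public final class SameSiteCookieHeader {
    public enum SameSite { STRICT("Strict"), LAX("Lax"), NONE("None");
        final String token;
        SameSite(String token) { this.token = token; }
    }

    public static String build(String name, String value, SameSite sameSite,
                               boolean secure, boolean httpOnly, Duration maxAge) {
        requireToken(name);
        requireCookieOctets(value);
        // Browsers reject SameSite=None cookies that are not also Secure.
        if (sameSite == SameSite.NONE && !secure) {
            throw new IllegalArgumentException("SameSite=None requires Secure");
        }
        StringBuilder sb = new StringBuilder(name).append('=').append(value).append("; Path=/");
        if (maxAge != null) sb.append("; Max-Age=").append(maxAge.getSeconds());
        if (secure) sb.append("; Secure");
        if (httpOnly) sb.append("; HttpOnly");
        return sb.append("; SameSite=").append(sameSite.token).toString();
    }

    // RFC 6265 cookie-name: an HTTP token (no control chars, spaces or separators).
    private static void requireToken(String s) {
        if (s == null || s.isEmpty() || !s.chars().allMatch(c ->
                c > 0x20 && c < 0x7f && "()<>@,;:\\\"/[]?={}".indexOf(c) < 0)) {
            throw new IllegalArgumentException("invalid cookie name");
        }
    }

    // RFC 6265 cookie-octet: rejects CR/LF, ';', ',', '"', '\' and whitespace,
    // so an untrusted value cannot append attributes or split the header.
    private static void requireCookieOctets(String s) {
        if (s == null || !s.chars().allMatch(c ->
                c > 0x20 && c < 0x7f && ";,\"\\".indexOf(c) < 0)) {
            throw new IllegalArgumentException("invalid cookie value");
        }
    }

    public static void main(String[] args) {
        // Constructed sample values. In a servlet:
        // response.addHeader("Set-Cookie", SameSiteCookieHeader.build(...));
        System.out.println(build("SESSION", "abc123", SameSite.STRICT, true, true, Duration.ofHours(1)));
    }
}
```

Unlike the Tomcat cookie processor setting, this affects only the cookies written through the helper, so a session cookie can be Strict while others stay Lax.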