Set csrf and session cookies secure attribute to true
Alf-Melmac committed Feb 21, 2023
1 parent 9134561 commit 1d1f4ca
Showing 2 changed files with 2 additions and 0 deletions.
Expand Up @@ -43,6 +43,7 @@ public class OAuth2EndpointConfig {
protected SecurityFilterChain oAuthUserFilterChain(HttpSecurity http) throws Exception {
// https://docs.spring.io/spring-security/reference/5.8/migration/servlet/exploits.html#_i_am_using_angularjs_or_another_javascript_framework
final CookieCsrfTokenRepository tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
tokenRepository.setSecure(true);
tokenRepository.setCookiePath("/");
final XorCsrfTokenRequestAttributeHandler delegate = new XorCsrfTokenRequestAttributeHandler();
// set the name of the attribute the CsrfToken will be populated on
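Review bot: `tokenRepository.setSecure(true)` is hard-coded, so browsers will only store and return the XSRF-TOKEN cookie over HTTPS; a deployment reached over plain HTTP would lose its CSRF token and have state-changing requests rejected. The second file in this commit has the same exposure: `server.servlet.session.cookie.secure=true` sits in the base `application.properties` next to `server.port=8080` and `http://` CORS origins for the test hosts. If those hosts are really served without TLS, consider driving both flags from one setting that defaults to secure, e.g. a field `@Value("${server.servlet.session.cookie.secure:true}") private boolean secureCookies;` used as `tokenRepository.setSecure(secureCookies);`, and overriding it only in a local profile. The body of `oAuthUserFilterChain` continues past the hunk, and whether a proxy terminates TLS in front of the app is not visible here.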
1 change: 1 addition & 0 deletions src/main/resources/application.properties
Expand Up @@ -16,6 +16,7 @@ spring.jpa.hibernate.ddl-auto=update
#Not secured
server.port=8080
server.servlet.context-path=/backend
server.servlet.session.cookie.secure=true

server.cors.allowedOrigins=http://localhost:3000,http://slotbot-test1.amb:3000,http://slotbot-test2.amb:3000

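Review bot: The `#Not secured` heading now sits directly above `server.servlet.session.cookie.secure=true`, which reads as a contradiction and leaves the next maintainer guessing why a plain-HTTP listener on 8080 issues Secure cookies. A short comment on the new line would record the intent, for example `# Cookies are marked Secure: the app is expected to sit behind a TLS-terminating proxy (confirm)`. If that assumption holds, it is also worth checking that forwarded headers are honoured (`server.forward-headers-strategy`), so that redirects and `request.isSecure()` agree with the cookie flag.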
