Skip to content

Make Csrf cookie secure flag configurable (WebFlux) #9679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 27, 2021
Merged

Make Csrf cookie secure flag configurable (WebFlux) #9679

merged 1 commit into from
Apr 27, 2021

Conversation

ThomasVitale
Copy link
Contributor

Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678

@ThomasVitale ThomasVitale mentioned this pull request Apr 25, 2021
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 25, 2021
@eleftherias eleftherias self-assigned this Apr 26, 2021
eleftherias
eleftherias suggested changes Apr 26, 2021
View reviewed changes
Copy link
Contributor

@eleftherias eleftherias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @ThomasVitale!
I've left a couple of comments.

.../main/java/org/springframework/security/web/server/csrf/CookieServerCsrfTokenRepository.java Outdated
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2020 the original author or authors.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2021 :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's awkward :) I fixed it.

@eleftherias eleftherias added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 26, 2021
@ThomasVitale
Make Csrf cookie secure flag configurable (WebFlux)
53e9458 
Make the XSRF-TOKEN cookie secure flag configurable in CookieServerCsrfTokenRepository.

Closes gh-9678
@ThomasVitale
Copy link
Contributor Author

@eleftherias thanks for reviewing the PR. I have addressed your comments and pushed an update.

@eleftherias eleftherias merged commit e2993d9 into spring-projects:main Apr 27, 2021
@eleftherias
Copy link
Contributor

Thanks @ThomasVitale! This is now merged into main.

@eleftherias eleftherias added the status: duplicate A duplicate of another issue label Apr 27, 2021
@eleftherias eleftherias added this to the 5.5.0 milestone Apr 27, 2021
@jzheaux jzheaux modified the milestones: 5.5.0, 5.5.0-RC2 Apr 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eleftherias eleftherias eleftherias requested changes

Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
5.5.0-RC2
Development

Successfully merging this pull request may close these issues.

Make the cookie secure flag configurable in CookieServerCsrfTokenRepository
4 participants
@ThomasVitale @eleftherias @jzheaux @spring-projects-issues