Make the cookie secure flag configurable in CookieServerCsrfTokenRepository #9678

@ThomasVitale

Expected Behavior

The CookieCsrfTokenRepository for Spring MVC applications supports configuring the secure flag for the XSRF-TOKEN cookie. The CookieServerCsrfTokenRepository for Spring WebFlux applications should provide the same option.

Current Behavior

The CookieServerCsrfTokenRepository for Spring WebFlux applications doesn't allow configuring the secure flag for the XSRF-TOKEN cookie.

Context

The secure flag is currently set to true when the TLS termination is on the application itself. If it's on a firewall or proxy, then it's always false.

Reference to the same change done for servlet-based applications: #8749

Suggested solution: #9679 (PR)
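
A WebFlux configuration for a deployment where TLS is terminated in front of the application, added here as an example (not code from the issue or the linked PR). It assumes a Spring Security release whose `CookieServerCsrfTokenRepository` has the `setSecure(boolean)` setter; the class name `CsrfCookieConfig` and the property `app.csrf.cookie-secure` are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository;

@Configuration
@EnableWebFluxSecurity
public class CsrfCookieConfig {

    // Hypothetical property: keep it true whenever clients reach the service over HTTPS,
    // including when a firewall or proxy terminates TLS and forwards plain HTTP to the app.
    @Value("${app.csrf.cookie-secure:true}")
    private boolean csrfCookieSecure;

    @Bean
    public CookieServerCsrfTokenRepository csrfTokenRepository() {
        // withHttpOnlyFalse() lets a browser client read XSRF-TOKEN and echo it in a header.
        CookieServerCsrfTokenRepository repository =
                CookieServerCsrfTokenRepository.withHttpOnlyFalse();

        // Without an explicit value the flag follows the connection the application itself
        // sees, so behind a TLS-terminating proxy the cookie is issued without Secure.
        // Setting it explicitly decouples the flag from where TLS ends.
        repository.setSecure(csrfCookieSecure);
        return repository;
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(
            ServerHttpSecurity http,
            CookieServerCsrfTokenRepository csrfTokenRepository) {
        return http
                // Use the cookie-backed repository configured above for CSRF tokens.
                .csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))
                .build();
    }
}
```

To verify the result, inspect the `Set-Cookie: XSRF-TOKEN=...` response header as seen by the client, on the public side of the proxy, and confirm it carries the `Secure` attribute.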

Labels

- in: web (An issue in web modules (web, webmvc))
- type: enhancement (A general enhancement)
