Xsrf cookie for CORS

2025-06-10 17:26:59 +05:30 · 2025-06-10 17:26:59 +05:30 · 3799e416e8
commit 3799e416e8
parent c8575e0b11
3 changed files with 7 additions and 3 deletions
--- a/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0
+++ b/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0
--- a/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js
+++ b/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js
@ -10,8 +10,8 @@ export async function createEndpointHttpEeq(inputForm = {}) {
    //body: JSON.stringify(inputForm),
    credentials: "include", //This sends cookies (even HTTP-only ones)
  });
-  // const xsrf_json_resp = await xsrf.json();
-  console.log(xsrf);
+  const xsrf_json_resp = await xsrf.json();
+  console.log(xsrf_json_resp);

  // const response = await fetch(`${socket}/cezen/add_user`, {
  //   method: "POST",
--- a/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java
+++ b/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java
@ -37,7 +37,11 @@ public class CezenLoginSecurityChain {
        //CSRF cookie
        final CookieCsrfTokenRepository cookieCsrfTokenRepo = new CookieCsrfTokenRepository();
        //make secure true when using only https
-        cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> responseCookieBuilder.secure(false));
+        cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> {
+            responseCookieBuilder.secure(true);
+            responseCookieBuilder.sameSite("None");
+            responseCookieBuilder.build();
+        });

        // bellow line is used when you are using JWT tokens instead of jSession session keys but i put always because i guess CSRF token needs it
        http.