diff --git a/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0 b/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0 index d9a15d0..b112ee3 100644 Binary files a/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0 and b/MySQL_conf_pbx/test1/mariadb_data/ib_logfile0 differ diff --git a/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js b/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js index e6a9729..f278738 100644 --- a/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js +++ b/MySQL_conf_pbx/test1/reactcezenpbx/src/http_routs/phone_operations_http.js @@ -10,8 +10,8 @@ export async function createEndpointHttpEeq(inputForm = {}) { //body: JSON.stringify(inputForm), credentials: "include", //This sends cookies (even HTTP-only ones) }); - // const xsrf_json_resp = await xsrf.json(); - console.log(xsrf); + const xsrf_json_resp = await xsrf.json(); + console.log(xsrf_json_resp); // const response = await fetch(`${socket}/cezen/add_user`, { // method: "POST", diff --git a/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java b/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java index faf70c6..6fdab5f 100755 --- a/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java +++ b/MySQL_conf_pbx/test1/springCezenPBX/src/main/java/com/example/cezenPBX/config/CezenLoginSecurityChain.java 
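Review bot: The added `const xsrf_json_resp = await xsrf.json();` parses the response without checking `xsrf.ok`, so a 401/403 or an HTML error page from the CSRF endpoint would surface as a JSON parse exception rather than a handled failure. A guard before parsing, such as `if (!xsrf.ok) throw new Error("CSRF request failed: " + xsrf.status);`, would make that case explicit. The new `console.log(xsrf_json_resp);` writes the parsed body to the browser console; if that body carries the CSRF token (likely, but not visible in this hunk), the log should be removed once debugging is done. createEndpointHttpEeq starts before and continues past the hunk, so how the response is used afterwards is not visible here.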
@@ -37,7 +37,11 @@ public class CezenLoginSecurityChain { //CSRF cookie final CookieCsrfTokenRepository cookieCsrfTokenRepo = new CookieCsrfTokenRepository(); //make secure true when using only https - cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> responseCookieBuilder.secure(false)); + cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> { + responseCookieBuilder.secure(true); + responseCookieBuilder.sameSite("None"); + responseCookieBuilder.build(); + }); // bellow line is used when you are using JWT tokens instead of jSession session keys but i put always because i guess CSRF token needs it http.
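Review bot: `responseCookieBuilder.build();` in the new lambda discards its return value, so it has no effect; the customizer only needs to configure the builder, and the whole lambda can shrink to `cookieCsrfTokenRepo.setCookieCustomizer(b -> b.secure(true).sameSite("None"));`. With `sameSite("None")` the browser attaches the CSRF cookie to cross-site requests, so protection rests on the token comparison and on a strict CORS origin allow-list for credentialed requests; a comment saying why `None` is required (presumably the SPA is served from a different origin) would help the next reader. The context comment `//make secure true when using only https` is now stale because `secure(true)` is hard-coded, and over plain HTTP the cookie is normally dropped by the browser, so consider driving the flag from configuration. The enclosing method continues past `http.` at the end of the hunk.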