Xsrf cookie for CORS
parent
c8575e0b11
commit
3799e416e8
Binary file not shown.
@ -10,8 +10,8 @@ export async function createEndpointHttpEeq(inputForm = {}) {
|
|||||||
//body: JSON.stringify(inputForm),
|
//body: JSON.stringify(inputForm),
|
||||||
credentials: "include", //This sends cookies (even HTTP-only ones)
|
credentials: "include", //This sends cookies (even HTTP-only ones)
|
||||||
});
|
});
|
||||||
// const xsrf_json_resp = await xsrf.json();
|
const xsrf_json_resp = await xsrf.json();
|
||||||
console.log(xsrf);
|
console.log(xsrf_json_resp);
|
||||||
|
|
||||||
// const response = await fetch(`${socket}/cezen/add_user`, {
|
// const response = await fetch(`${socket}/cezen/add_user`, {
|
||||||
// method: "POST",
|
// method: "POST",
|
||||||
|
|||||||
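Review bot: `console.log(xsrf_json_resp);` writes the parsed XSRF response to the browser console; if that body carries the CSRF token, as the variable name suggests, the token ends up in console output and anything that captures it, so the line should be removed or restricted to a development build. The newly enabled `const xsrf_json_resp = await xsrf.json();` also runs without checking the response status, so a non-2xx or non-JSON reply surfaces as a parser exception instead of a clear failure; a guard such as `if (!xsrf.ok) throw new Error("XSRF token request failed: " + xsrf.status);` before it would make that explicit. This reads the second copy of each line as the new side, and createEndpointHttpEeq starts and ends outside the hunk.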
@ -37,7 +37,11 @@ public class CezenLoginSecurityChain {
|
|||||||
//CSRF cookie
|
//CSRF cookie
|
||||||
final CookieCsrfTokenRepository cookieCsrfTokenRepo = new CookieCsrfTokenRepository();
|
final CookieCsrfTokenRepository cookieCsrfTokenRepo = new CookieCsrfTokenRepository();
|
||||||
//make secure true when using only https
|
//make secure true when using only https
|
||||||
cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> responseCookieBuilder.secure(false));
|
cookieCsrfTokenRepo.setCookieCustomizer(responseCookieBuilder -> {
|
||||||
|
responseCookieBuilder.secure(true);
|
||||||
|
responseCookieBuilder.sameSite("None");
|
||||||
|
responseCookieBuilder.build();
|
||||||
|
});
|
||||||
|
|
||||||
// bellow line is used when you are using JWT tokens instead of jSession session keys but i put always because i guess CSRF token needs it
|
// bellow line is used when you are using JWT tokens instead of jSession session keys but i put always because i guess CSRF token needs it
|
||||||
http.
|
http.
|
||||||
|
|||||||
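Review bot: `responseCookieBuilder.sameSite("None")` lets the CSRF cookie travel on every cross-site request, so protection now rests entirely on the server comparing the submitted token and on the CORS policy; that policy is not visible in this hunk and should list explicit allowed origins rather than a wildcard when credentials are allowed. The retained comment `//make secure true when using only https` is stale now that `secure(true)` is hard-coded, and would read better as `// SameSite=None requires Secure; browsers drop this cookie over plain HTTP`. `responseCookieBuilder.build();` inside the customizer discards its result and can be removed. The enclosing method of CezenLoginSecurityChain continues outside the hunk.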