Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-08 05:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Cookie Customizer Migration Steps

Browse Source
This commit is contained in:
Josh Cummings 2025-05-06 16:43:04 -06:00
parent 74a25c3fc1
commit 84db5bb312
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/modules/ROOT/pages/migration-7/web.adoc
View File

@ -521,3 +521,49 @@ Xml::
=====
If you have several circumstances where HTTP is needed, consider using `OrRequestMatcher` to combine them into a single `RequestMatcher` instance.
=====
== Use `setCookieCustomizer` instead of individual setters
In favor of a simpler API, `CookieCsrfTokenRepository#setCookieCustomizer` allows you to change any aspect of the cookie, replacing `setCookieHttpOnly`, `setCookieMaxAge`, `setSecure`, and `setCookieDomain`.
Change this:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
CookeCsrfTokenRepository csrf = CookeCsrfTokenRepository.withHttpOnlyFalse();
csrf.setCookieMaxAge(86400)
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
val csrf = CookeCsrfTokenRepository.withHttpOnlyFalse()
csrf.setCookieMaxAge(86400)
----
======
to this:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
CookeCsrfTokenRepository csrf = CookeCsrfTokenRepository.withHttpOnlyFalse();
csrf.setCookieCustomizer((c) -> c.maxAge(86400));
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
val csrf = CookeCsrfTokenRepository.withHttpOnlyFalse()
csrf.setCookieCustomizer { -> it.maxAge(86400) }
----
======