spring-security

History

michal e113bd3c01 issue 5414 - configurable secure flag in CookieCsrfTokenRepository While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want th XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall). It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.	2020-06-25 14:42:38 -05:00
..
src	issue 5414 - configurable secure flag in CookieCsrfTokenRepository	2020-06-25 14:42:38 -05:00
spring-security-web.gradle	Remove Groovy and Spock Dependencies	2020-02-10 10:38:40 -07:00

michal e113bd3c01 issue 5414 - configurable secure flag in CookieCsrfTokenRepository

While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want th XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall).

It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.

2020-06-25 14:42:38 -05:00

src

issue 5414 - configurable secure flag in CookieCsrfTokenRepository

2020-06-25 14:42:38 -05:00

spring-security-web.gradle

Remove Groovy and Spock Dependencies

2020-02-10 10:38:40 -07:00