mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-19 21:06:05 +00:00
e113bd3c01
While using the request's "isSecure" flag is a reasonable default, when webapps sit behind firewalls, sometimes the firewall does the SSL, and the traffic between the firewall and the app is plain HTTP (not HTTPS). In this case the "isSecure" flag on the request is always false, but we still want th XSRF-TOKEN cookie to be secure (the firewall forwards all cookies to the app, and the browser sends the secure cookie to the firewall). It would be nice if we could configure the desired value for the secure flag of the cookie, just like we can configure the value for the httpOnly flag of the cookie.
image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge] = Spring Security Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 5.0 requires Spring 5.0 as a minimum and also requires Java 8. For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects]. == Code of Conduct Please see our https://github.com/spring-projects/.github/blob/master/CODE_OF_CONDUCT.md[code of conduct] == Downloading Artifacts See https://github.com/spring-projects/spring-framework/wiki/Downloading-Spring-artifacts[downloading Spring artifacts] for Maven repository information. == Documentation Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference]. Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation]. == Quick Start We recommend you visit https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference] and read the "Getting Started" page. == Building from Source Spring Security uses a https://gradle.org[Gradle]-based build system. In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build. === Prerequisites https://help.github.com/set-up-git-redirect[Git] and the https://www.oracle.com/technetwork/java/javase/downloads[JDK8 build]. Be sure that your `JAVA_HOME` environment variable points to the `jdk1.8.0` folder extracted from the JDK download. === Check out sources [indent=0] ---- git clone git@github.com:spring-projects/spring-security.git ---- === Install all spring-\* jars into your local Maven cache [indent=0] ---- ./gradlew install ---- === Compile and test; build all jars, distribution zips, and docs [indent=0] ---- ./gradlew build ---- Discover more commands with `./gradlew tasks`. See also the https://github.com/spring-projects/spring-framework/wiki/Gradle-build-and-release-FAQ[Gradle build and release FAQ]. == Getting Support Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow]. https://spring.io/services[Commercial support] is available too. == Contributing https://help.github.com/articles/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/master/CONTRIBUTING.adoc[contributor guidelines] for details. == License Spring Security is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].