AUT-2054 Set session cookie secure attribute to true
Marten332 committed Dec 13, 2024
1 parent 25cbd57 commit fb1b419
Showing 3 changed files with 4 additions and 9 deletions.
Expand Up @@ -32,6 +32,9 @@ CookieSameSiteSupplier csrfCookieSameSiteSupplier() {

@Bean
public ServletContextInitializer servletContextInitializer() {
return servletContext -> servletContext.getSessionCookieConfig().setName(COOKIE_NAME_SESSION);
return servletContext -> {
servletContext.getSessionCookieConfig().setName(COOKIE_NAME_SESSION);
servletContext.getSessionCookieConfig().setSecure(true);
};
}
}
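Review bot: Nothing in this commit asserts that the session cookie actually carries the `Secure` attribute, and the removed YAML shows why that matters: `secure=true:` under `server.servlet.session.cookie` is a key literally named `secure=true`, not the `secure` property, so the earlier setting most likely never took effect and went unnoticed. A test that checks the `Set-Cookie` header of a session-creating response for `Secure` would catch a regression of the `setSecure(true)` call in `servletContextInitializer()`. I would also add a comment above the lambda such as `// Set in code so the Secure flag cannot be lost to a misconfigured or overridden property`, and consider `servletContext.getSessionCookieConfig().setHttpOnly(true);` next to it so HttpOnly does not depend on the container default. The test profile previously tried to set `secure=false`; if any test talks to the application over plain HTTP, confirm the client still returns the session cookie now that the flag is always on.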
4 changes: 0 additions & 4 deletions src/main/resources/application.yml
Expand Up @@ -24,10 +24,6 @@ server:
forward-headers-strategy: NONE # Under main this cannot be enabled by default, because docker-compose.yml doesn't have another proxy in front of this application that would always set X-Forwarded-For header. X-Forwarded-For value that could be set outside of your own infrastructure, cannot be trusted.
# Use same port as govsso-session/docker-compose.yml.
port: 11443
servlet:
session:
cookie:
secure=true:
ssl:
enabled: true
key-store-password: changeit
4 changes: 0 additions & 4 deletions src/test/resources/application.yml
Expand Up @@ -18,10 +18,6 @@ management:

server:
forward-headers-strategy: NATIVE
servlet:
session:
cookie:
secure=false:

spring:
main:
