SameSite cookie in Java application

后端未结

关注

 9  2022

没有蜡笔的小新 2020-12-24 01:08

Do you know any Java cookie implementation which allows to set a custom flag for cookie, like SameSite=strict? It seems that javax.servlet.http.Cookie has a str

9条回答

不思量自难忘° (楼主)

2020-12-24 01:22
If you don't wanna update all your code, you can also achieve same by one line config using Apache or Nginx configuration(or any other HTTP server/proxy that you are using)

1 Setting SameSite cookies using Apache configuration

You can add the following line to your Apache configuration
```
Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
```
and this will update all your cookies with SameSite=Lax flag

See more here: https://blog.giantgeek.com/?p=1872

2 Setting SameSite cookies using Nginx configuration
```
location / {
    # your usual config ...
    # hack, set all cookies to secure, httponly and samesite (strict or lax)
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
}
```
Same here, this also will update all your cookies with SameSite=Lax flag

See more here: https://serverfault.com/questions/849888/add-samesite-to-cookies-using-nginx-as-reverse-proxy
0 讨论(0)

查看其它9个回答
发布评论:

提交评论
- 加载中...

SameSite cookie in Java application

1 Setting SameSite cookies using Apache configuration

2 Setting SameSite cookies using Nginx configuration