Diffstat (limited to 'eaaf_core/src')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
index a0a3f793..7fd2a910 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
@@ -23,6 +23,7 @@ import lombok.extern.slf4j.Slf4j;
public class CookieBasedRequestValidator implements IHttpRequestValidator {
public static final String HTTP_COOKIE_SEC = "eaafSession";
+ public static final String COOKIE_SAME_SITE_ATTR = "SameSite";
@Override
public void setValidationInfos(@Nonnull final HttpServletResponse httpResponse,
@@ -72,8 +73,8 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
HTTP_COOKIE_SEC, authProcessIdentifier);
cookie.setHttpOnly(true);
cookie.setSecure(true);
- URL url = new URL(pendingReq.getAuthUrlWithOutSlash());
- cookie.setPath(url.getPath());
+ cookie.setPath(new URL(pendingReq.getAuthUrlWithOutSlash()).getPath());
+ cookie.setAttribute(COOKIE_SAME_SITE_ATTR, "None");
return cookie;
}
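Review bot: The new `cookie.setAttribute(COOKIE_SAME_SITE_ATTR, "None")` unconditionally opts the `eaafSession` cookie out of the browser's cross-site restriction, and nothing in the hunk records why a session cookie needs that or what compensates for the lost CSRF protection; a reader will otherwise see HttpOnly + Secure and assume the cookie is hardened. If the reason is that the authentication flow returns to this endpoint through a cross-site request (e.g. a POST-binding response from the ID provider), add a comment above the line such as `// SameSite=None: the auth flow re-enters this path via a cross-site request, so Lax/Strict would drop the cookie; CSRF is mitigated by binding the value to authProcessIdentifier -- confirm`, and make sure the validator actually compares that identifier on the way back. `setSecure(true)` is already set, which browsers require for `SameSite=None`. Note also that `Cookie.setAttribute` exists only from Jakarta Servlet 6.0, so this will not compile against older servlet APIs; confirm the targeted container version. The enclosing method begins before this hunk.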