Set SameSite default to Lax
Issue: SPR-16418
This commit is contained in:
committed by
Brian Clozel
parent
0def1640f2
commit
82194f4ee0
@@ -125,7 +125,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
|
||||
.maxAge(maxAge)
|
||||
.httpOnly(true)
|
||||
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
|
||||
.sameSite("Strict");
|
||||
.sameSite("Lax");
|
||||
|
||||
if (this.cookieInitializer != null) {
|
||||
this.cookieInitializer.accept(cookieBuilder);
|
||||
|
||||
Reference in New Issue
Block a user