Set SameSite default to Lax

Issue: SPR-16418
This commit is contained in:
Vedran Pavic
2018-07-20 23:19:21 +02:00
committed by Brian Clozel
parent 0def1640f2
commit 82194f4ee0
2 changed files with 4 additions and 4 deletions

View File

@@ -125,7 +125,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
.maxAge(maxAge)
.httpOnly(true)
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
.sameSite("Strict");
.sameSite("Lax");
if (this.cookieInitializer != null) {
this.cookieInitializer.accept(cookieBuilder);