This commit adds support for the "SameSite" attribute in response cookies. As explained in rfc6265bis, this attribute can be used to limit the scope of a cookie so that it can't be attached to a request unless it is sent from the "same-site". This feature is currently supported by Google Chrome and Firefox, other browsers will ignore this attribute. This feature can help prevent CSRF attacks; this is why this commit adds this attribute by default for SESSION Cookies in WebFlux. See: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis Issue: SPR-16418
Spring Framework
This is the home of the Spring Framework, the foundation for all Spring projects. Together the Spring Framework and the family of Spring projects make up what we call "Spring".
Spring provides everything you need beyond the Java language to create enterprise applications in a wide range of scenarios and architectures. Please read the Overview section in the reference for a more complete introduction.
Code of Conduct
This project is governed by the Spring Code of Conduct. By participating you are expected to uphold this code. Please report unacceptable behavior to spring-code-of-conduct@pivotal.io.
Access to Binaries
For access to artifacts or a distribution zip, see the Spring Framework Artifacts wiki page.
Documentation
The Spring Frameworks maintains reference documentation (published and source), Github wiki pages, and an API reference. There are also guides and tutorials across Spring projects.
Build from Source
See the Build from Source wiki page and also CONTRIBUTING.md.
Stay in Touch
Follow @SpringCentral, @SpringFramework, and its team members on Twitter. In-depth articles can be found at The Spring Blog, and releases are announced via our news feed.
License
The Spring Framework is released under version 2.0 of the Apache License.