Set HttpOnly and Secure response in our session cookie (updated)

#186292877
codeforamerica · Oct 20, 2023 · b66d205 · b66d205
1 parent 8b492b7
commit b66d205
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/test/java/formflow/library/config/SecurityConfiguration.java b/src/test/java/formflow/library/config/SecurityConfiguration.java
@@ -5,7 +5,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.session.web.http.DefaultCookieSerializer;
@@ -19,6 +18,7 @@ public class SecurityConfiguration {
     public DefaultCookieSerializer setDefaultSecurityCookie(){
         DefaultCookieSerializer serializer = new DefaultCookieSerializer();
         serializer.setUseSecureCookie(true);
+        serializer.setUseHttpOnlyCookie(true);
         return serializer;
     }
     @Bean