From b66d205936ce94efd81012b357e6226caa9da60b Mon Sep 17 00:00:00 2001
From: chibuisienyia
Date: Fri, 20 Oct 2023 02:34:30 -0500
Subject: [PATCH] Set HttpOnly and Secure response in our session cookie (updated) #186292877
---
 .../java/formflow/library/config/SecurityConfiguration.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/java/formflow/library/config/SecurityConfiguration.java b/src/test/java/formflow/library/config/SecurityConfiguration.java
index 01c4e307b..e8e031294 100644
--- a/src/test/java/formflow/library/config/SecurityConfiguration.java
+++ b/src/test/java/formflow/library/config/SecurityConfiguration.java
@@ -5,7 +5,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.session.web.http.DefaultCookieSerializer;
@@ -19,6 +18,7 @@ public class SecurityConfiguration {
 public DefaultCookieSerializer setDefaultSecurityCookie(){
 DefaultCookieSerializer serializer = new DefaultCookieSerializer();
 serializer.setUseSecureCookie(true);
+ serializer.setUseHttpOnlyCookie(true);
 return serializer;
 }
 @Bean
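Review bot: The serializer that now sets both flags is defined in `src/test/java/formflow/library/config/SecurityConfiguration.java`, so as far as this patch shows the `Secure` and `HttpOnly` attributes are only guaranteed in the test context; whether the shipped library or its consuming applications register an equivalent `DefaultCookieSerializer` bean is not visible here and is worth confirming. Nothing in the hunk asserts the result either, so a test that performs a request which creates a session and checks that the `Set-Cookie` header contains both `Secure` and `HttpOnly` would keep a later refactor from dropping them silently. I would also put a short comment above the two setters, for example `// Secure: session cookie is sent over HTTPS only; HttpOnly: it is not readable from page scripts.` The class body continues outside the hunk, so other beans in it were not reviewed.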