Skip to content

Commit

Permalink
Fix security config for sameSite cookieAttribute
Browse files Browse the repository at this point in the history
- skip configuration if parameter sameSite not set and print a debug message
  • Loading branch information
kostobog committed May 16, 2024
1 parent bc8acfc commit ef6cb4c
Showing 1 changed file with 4 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,10 @@ private void addSameSiteCookieAttribute(HttpServletResponse response) {
String configValue = config.getConfig(ConfigParam.SECURITY_SAME_SITE, "");

log.debug("SameSite attribute for set-cookie header configured to {}.", configValue);
if (configValue.isBlank()) {
log.debug("SameSite attribute for set-cookie header not configured.");
return;
}

SameSiteValue sameSiteValue = SameSiteValue.getValue(configValue)
.orElseThrow(
Expand Down

0 comments on commit ef6cb4c

Please sign in to comment.