add secure and httpOnly to cookie

cwansart · Aug 24, 2024 · 7619384 · 7619384
1 parent 5dd0930
commit 7619384
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/build.gradle b/build.gradle
@@ -23,7 +23,7 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	developmentOnly 'org.springframework.boot:spring-boot-devtools'
-	//runtimeOnly 'com.h2database:h2'
+	developmentOnly 'com.h2database:h2'
 	runtimeOnly 'org.postgresql:postgresql'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	//testRuntimeOnly 'org.junit.platform:junit-platform-launcher'

diff --git a/src/main/java/de/cwansart/unipoll/controller/VoteController.java b/src/main/java/de/cwansart/unipoll/controller/VoteController.java
@@ -95,7 +95,10 @@ public String save(@RequestParam(name = "id", required = true) long id,
         vote.setUserId(userId);
         voteRepo.save(vote);
 
-        response.addCookie(new Cookie("unipoll-user-id", userId));
+        Cookie cookie = new Cookie("unipoll-user-id", userId);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        response.addCookie(cookie);
 
         return "redirect:/vote?id=" + id;
     }

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -1,4 +1,5 @@
 spring.application.name=unipoll
+server.servlet.session.cookie.secure=true
 
 # default http port
 #server.port=80