add secure and httpOnly to cookie

cwansart · cwansart · commit 7619384bdf85 · 2024-08-24T08:14:45.000+02:00
diff --git a/build.gradle b/build.gradle
@@ -23,7 +23,7 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	developmentOnly 'org.springframework.boot:spring-boot-devtools'
-	//runtimeOnly 'com.h2database:h2'
+	developmentOnly 'com.h2database:h2'
 	runtimeOnly 'org.postgresql:postgresql'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	//testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
diff --git a/src/main/java/de/cwansart/unipoll/controller/VoteController.java b/src/main/java/de/cwansart/unipoll/controller/VoteController.java
@@ -95,7 +95,10 @@ public String save(@RequestParam(name = "id", required = true) long id,
         vote.setUserId(userId);
         voteRepo.save(vote);
 
-        response.addCookie(new Cookie("unipoll-user-id", userId));
+        Cookie cookie = new Cookie("unipoll-user-id", userId);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        response.addCookie(cookie);
 
         return "redirect:/vote?id=" + id;
     }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -1,4 +1,5 @@
 spring.application.name=unipoll
+server.servlet.session.cookie.secure=true
 
 # default http port
 #server.port=80

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`spring.application.name=unipoll`
	`2`	`+server.servlet.session.cookie.secure=true`
`2`	`3`
`3`	`4`	`# default http port`
`4`	`5`	`#server.port=80`