摘要:
packagecom.iwhalecloud.dbepecsp.sigma.gateway.config;importorg.apache.tomcat.util.http.Rfc6265CookieProcessor;importorg.apache.tomcat.util.http.SameSiteCookies;importorg.springframework.boot.web.embed
package com.iwhalecloud.dbepecsp.sigma.gateway.config;
import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.SameSiteCookies;
import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 设置cookie的SameSite属性,防CSRF
* @version 1.0
* @date 2021/11/19
*/
@Configuration
public class TomcatConfiguration {
@Bean
public TomcatContextCustomizer sameSiteCookiesConfig() {
return context -> {
final Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor();
// 设置Cookie的SameSite
cookieProcessor.setSameSiteCookies(SameSiteCookies.LAX.getValue());
context.setCookieProcessor(cookieProcessor);
};
}
}
无需其他操作,此类加载后可覆写Tomcat配置