From 4919ad310139fc29a8fdef0957574a83dbd47b4e Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Mon, 19 Oct 2020 17:17:58 +0300
Subject: [PATCH] Spring security: Comment out cookie and header settings

Signed-off-by: Pekka Helenius
---
 .../com/fjordtek/bookstore/config/WebSecurityConfig.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java b/bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java
index abe0c56..68bd0c5 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/config/WebSecurityConfig.java
@@ -17,9 +17,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
-import com.fjordtek.bookstore.service.session.BookSameSiteCookieFilter;
 import com.fjordtek.bookstore.service.session.BookStoreAccessDeniedHandler;
 import com.fjordtek.bookstore.service.session.BookStoreAuthenticationFailureHandler;
 import com.fjordtek.bookstore.service.session.BookStoreAuthenticationSuccessHandler;
@@ -126,7 +124,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 * public access to it is denied by default.
 */
 httpSecurity
- .addFilterAfter(new BookSameSiteCookieFilter(), BasicAuthenticationFilter.class)
+// .addFilterAfter(new BookSameSiteCookieFilter(), BasicAuthenticationFilter.class)
 .authorizeRequests()
 .antMatchers(
 env.getProperty("spring.h2.console.path") + "/**",
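Review bot: Disabling `BookSameSiteCookieFilter` by commenting out the `.addFilterAfter(...)` line leaves no record in the code of why the filter was dropped or what now sets the SameSite attribute on the session cookie. Judging by its name the filter added that attribute, so after this change the cookie presumably falls back to whatever the servlet container emits, which is worth confirming against the CSRF settings in the part of `configure()` that lies outside this hunk. Because the two imports are removed in the first hunk, the commented line cannot simply be uncommented later; either delete it outright or replace it with a short reason, e.g. `// SameSite filter disabled: <reason>; session cookie uses the container default`.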
@@ -171,12 +169,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 .and()
 .sessionManagement()
 .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
- .and()
+/* .and()
 .headers()
 .frameOptions().sameOrigin()
 // .contentTypeOptions().disable()
 .contentSecurityPolicy("frame-ancestors 'self'")
-
+*/
 ;
 }
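Review bot: The block comment around `.and().headers() ... .contentSecurityPolicy(...)` changes the response headers rather than just removing them, and nothing at the spot says so. With no `headers()` customisation Spring Security applies its defaults, so `X-Frame-Options` goes from `SAMEORIGIN` to `DENY` and the `frame-ancestors 'self'` Content-Security-Policy is no longer sent, assuming nothing else in `configure()` (which continues outside this hunk) configures headers. If the H2 console path permitted in the earlier hunk renders in frames, `DENY` will likely break it, which may tempt a later `frameOptions().disable()`. State the intent in place, e.g. `// Header customisation disabled: Spring Security defaults apply (X-Frame-Options: DENY, no CSP)`, or delete the dead lines instead of keeping a `/* */` block that already contains a `//`-commented call.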