diff --git a/spring-web/src/main/java/org/springframework/http/ResponseCookie.java b/spring-web/src/main/java/org/springframework/http/ResponseCookie.java index 7a582def77..0c448abf35 100644 --- a/spring-web/src/main/java/org/springframework/http/ResponseCookie.java +++ b/spring-web/src/main/java/org/springframework/http/ResponseCookie.java @@ -115,6 +115,7 @@ public final class ResponseCookie extends HttpCookie { *
This limits the scope of the cookie such that it will only be attached to * same site requests if {@code "Strict"} or cross-site requests if {@code "Lax"}. * @see RFC6265 bis + * @since 5.1 */ @Nullable public String getSameSite() { @@ -235,7 +236,7 @@ public final class ResponseCookie extends HttpCookie { } @Override - public ResponseCookieBuilder sameSite(String sameSite) { + public ResponseCookieBuilder sameSite(@Nullable String sameSite) { this.sameSite = sameSite; return this; } @@ -295,9 +296,11 @@ public final class ResponseCookie extends HttpCookie { *
This limits the scope of the cookie such that it will only be * attached to same site requests if {@code "Strict"} or cross-site * requests if {@code "Lax"}. + *
By default set to {@code "Strict"}. * @see RFC6265 bis + * @since 5.1 */ - ResponseCookieBuilder sameSite(String sameSite); + ResponseCookieBuilder sameSite(@Nullable String sameSite); /** * Create the HttpCookie. diff --git a/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java b/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java index 10e110d535..6a328f20a9 100644 --- a/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java +++ b/spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java @@ -23,6 +23,7 @@ import java.util.stream.Collectors; import org.springframework.http.HttpCookie; import org.springframework.http.ResponseCookie; +import org.springframework.lang.Nullable; import org.springframework.util.Assert; import org.springframework.util.MultiValueMap; import org.springframework.web.server.ServerWebExchange; @@ -81,8 +82,9 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { * Set the value for the "SameSite" attribute of the cookie that holds the * session id. For its meaning and possible values, see * {@link ResponseCookie#getSameSite()}. - *
By default set to {@code "Strict"} + *
By default set to {@code "Strict"}.
* @param sameSite the SameSite value
+ * @since 5.1
*/
public void setSameSite(String sameSite) {
this.sameSite = sameSite;
@@ -90,11 +92,13 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
/**
* Return the configured "SameSite" attribute value for the session cookie.
+ * @since 5.1
*/
public String getSameSite() {
return this.sameSite;
}
+
@Override
public List