spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0

Upgraded to spring 3.2.2 and observed new cookies got added and xsrf token cookie size got increased #39334

Closed tri620 closed 9 months ago

tri620 commented 9 months ago

We have upgraded the Spring Boot version to 3.2.2 and we have observed that new cookies are added and the XSRF token size has also increased. Because of the size increase, we got issues with the request header size. As an alternative, we have added the below property in our application.properties:

server.max-http-request-header-size=64KB

Is there a way to suppress these cookies from request and response headers to decrease header size, other than adding a property in application.properties?

List of new cookies added:

{
              "name": "s_ecid",
              "value": "MCMID%7C22987565713950551571426649978084410057",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-14T15:43:07.648Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_ga_NFFRXNTCW0",
              "value": "GS1.1.1690788553.1.0.1690788553.0.0.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-09-03T07:29:13.279Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_fbp",
              "value": "fb.1.1690788565311.738056495",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-04-10T15:43:07.000Z",
              "httpOnly": false,
              "secure": false,
              "sameSite": "Lax"
            },
            {
              "name": "ELOQUA",
              "value": "GUID=BFFE5EDD933A4975BA4A685FF0D82036",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-08-31T07:29:29.237Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_CEFT",
              "value": "Q%3D%3D%3D",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-01-10T15:43:07.000Z",
              "httpOnly": false,
              "secure": false,
              "sameSite": "Strict"
            },
            {
              "name": "notice_preferences",
              "value": "2:",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-09-14T10:09:28.000Z",
              "httpOnly": false,
              "secure": true,
              "sameSite": "None"
            },
            {
              "name": "notice_gdpr_prefs",
              "value": "0,1,2:",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-09-14T10:09:28.000Z",
              "httpOnly": false,
              "secure": true,
              "sameSite": "None"
            },
            {
              "name": "cmapi_gtm_bl",
              "value": "",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-09-14T04:39:28.000Z",
              "httpOnly": false,
              "secure": true,
              "sameSite": "None"
            },
            {
              "name": "cmapi_cookie_privacy",
              "value": "permit 1,2,3",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-09-14T10:09:28.000Z",
              "httpOnly": false,
              "secure": true,
              "sameSite": "None"
            },
            {
              "name": "_psr",
              "value": "ps.2.650beb32550c550000216ee2",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-22T12:40:12.010Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_hjSessionUser_1143700",
              "value": "eyJpZCI6IjVmMTE0NGQwLWM3YmItNTE3Zi1hNjUzLTExZmE5M2U4M2ZlZSIsImNyZWF0ZWQiOjE2OTA3ODg1NTc4MzksImV4aXN0aW5nIjp0cnVlfQ==",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-01-10T15:43:07.000Z",
              "httpOnly": false,
              "secure": true,
              "sameSite": "None"
            },
            {
              "name": "_ga_XGPHRMCF98",
              "value": "GS1.1.1697695647.5.0.1697695647.0.0.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-11-22T06:07:27.982Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_gcl_au",
              "value": "1.1.1864192195.1698733962",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-01-29T06:32:42.000Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "__ncuid",
              "value": "1529b48b-bd62-4002-8ca9-9b6a29575325",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2024-10-30T06:32:43.000Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "ajs_user_id",
              "value": "18ccb67ea2ecce16450b2babb5ec693593cf63cf",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-01-04T12:22:52.000Z",
              "httpOnly": false,
              "secure": false,
              "sameSite": "Lax"
            },
            {
              "name": "ajs_anonymous_id",
              "value": "65ab6dfa-a9ad-4659-8301-3c6d2127e4d0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-01-04T12:22:52.000Z",
              "httpOnly": false,
              "secure": false,
              "sameSite": "Lax"
            },
            {
              "name": "_uetvid",
              "value": "fc3817202f7311eea54e591d2709b08c",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-04T15:43:07.000Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_ce.s",
              "value": "v~9fa51fb4905691628edb4cefa8e0661afac5302c~lcw~1705038918013~vpv~4~lva~1704987661194~v11.cs~400174~v11.s~2d0ee7c0-99a1-11ee-b388-e3b29a5f7a8b~v11.sla~1704987972599~v11.send~1705038917667~gtrk.la~lra85d4e~lcw~1705038918062",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-01-11T05:55:18.000Z",
              "httpOnly": false,
              "secure": false,
              "sameSite": "Strict"
            },
            {
              "name": "_ga_K3HMPCCMCB",
              "value": "GS1.1.1705038918.2.0.1705038918.0.0.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-15T05:55:18.244Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "AMCV_90FF097853513F650A490D4C%40AdobeOrg",
              "value": "-1124106680%7CMCIDTS%7C19739%7CMCMID%7C22987565713950551571426649978084410057%7CMCAAMLH-1706002902%7C3%7CMCAAMB-1706002902%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1705405302s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.2.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-19T09:41:42.644Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_ga_FRBQPVFZSP",
              "value": "GS1.1.1705398109.23.1.1705406720.0.0.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-19T12:05:20.323Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_ga",
              "value": "GA1.1.453289425.1690788553",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-22T15:05:37.563Z",
              "httpOnly": false,
              "secure": false
            },
            {
              "name": "_ga_YR2096LTFZ",
              "value": "GS1.1.1705676699.71.1.1705677162.0.0.0",
              "path": "/",
              "domain": ".bmc.com",
              "expires": "2025-02-22T15:12:42.420Z",
              "httpOnly": false,
              "secure": false
            }
bclozel commented 9 months ago

I don't think Spring is involved here. It seems those cookies are related to Google Analytics, Atlassian Jira and other products. I'm closing this issue as a result.

We can reopen this issue if you can provide a minimal sample application that shows those cookies being added by Spring.
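A way to check where the header bytes come from, as an added example that is not part of the issue thread or of Spring Boot: it takes a browser cookie export in the same shape as the list above, keeps the cookies a browser would send to one host, and reports the size of the resulting `Cookie` request header split by scope. The host names, the sample cookies and the 8192-byte limit are assumptions made for the example, as is the export convention that a leading dot in `domain` marks a parent-domain cookie.

```python
import json

# Constructed sample in the same shape as the export quoted in the issue.
SAMPLE_EXPORT = json.dumps([
    {"name": "XSRF-TOKEN", "value": "c" * 36, "domain": "app.example.com", "path": "/"},
    {"name": "JSESSIONID", "value": "A" * 32, "domain": "app.example.com", "path": "/"},
    {"name": "_ga", "value": "GA1.1.111111111.1700000000", "domain": ".example.com", "path": "/"},
    {"name": "_tracker", "value": "x" * 220, "domain": ".example.com", "path": "/"},
    {"name": "other", "value": "zzz", "domain": "shop.example.com", "path": "/"},
])


def domain_matches(host, cookie_domain):
    """RFC 6265 style match; a leading dot means the cookie covers subdomains."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if cookie_domain.startswith("."):
        parent = cookie_domain[1:]
        return host == parent or host.endswith("." + parent)
    return host == cookie_domain  # host-only cookie


def cookie_header_report(export_json, host, limit_bytes=8192):
    """Size of the Cookie header sent to `host`, largest contributors first."""
    rows = []
    for c in json.loads(export_json):
        if not domain_matches(host, c["domain"]):
            continue  # the browser would not send this cookie to `host`
        pair = f'{c["name"]}={c["value"]}'
        scope = "parent-domain" if c["domain"].startswith(".") else "host-only"
        rows.append({"name": c["name"], "bytes": len(pair.encode()), "scope": scope})
    rows.sort(key=lambda r: r["bytes"], reverse=True)

    by_scope = {}
    for r in rows:
        by_scope[r["scope"]] = by_scope.get(r["scope"], 0) + r["bytes"]

    # "Cookie: " + pairs joined by "; " + trailing CRLF
    separators = 2 * max(len(rows) - 1, 0)
    total = len("Cookie: ") + sum(r["bytes"] for r in rows) + separators + 2
    return {"header_bytes": total, "over_limit": total > limit_bytes,
            "by_scope": by_scope, "rows": rows}


if __name__ == "__main__":
    report = cookie_header_report(SAMPLE_EXPORT, "app.example.com")
    print(report["header_bytes"], report["by_scope"])
    for row in report["rows"]:
        print(f'{row["bytes"]:>6}  {row["scope"]:<14} {row["name"]}')
```

Cookies reported as `parent-domain` are sent to every host under that domain, so they are not under the application's control.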