Closed 2is10 closed 2 days ago
Hi @2is10, thanks for the report.
I believe that we could add some kind of customizer to the cookie in the CookieRequestCache
implementation, similar to https://github.com/spring-projects/spring-security/pull/15203, what do you think?
I don't think that we should set a default value to that attribute tho, since the docs mention that the attribute is optional and, if not provided, a default value (defined by the browser) will be used.
Describe the bug When using CookieRequestCache, Firefox complains:
To Reproduce Configure your application to use CookieRequestCache, like so:
Note that due to #2932 you likely also need to separately pass the CookieRequestCache to SavedRequestAwareAuthenticationSuccessHandler.
Expected behavior No warning in Firefox. The POST /login request should also not show up as “blocked”.
Sample
No sample provided. This is easy to try on any project.