Package org.forgerock.http.protocol
Enum Class Cookie.SameSite
- All Implemented Interfaces:
Serializable
,Comparable<Cookie.SameSite>
,java.lang.constant.Constable
- Enclosing class:
- Cookie
Indicates the SameSite
value of the cookie. This can be used to prevent cross-site request forgery (CSRF) attacks.
-
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
-
Enum Constant Summary
Enum ConstantDescriptionIn "lax" mode the cookie will be sent on "safe" top-level navigation methods (GET, HEAD, TRACE or OPTIONS).Some browsers are moving to marking all cookies asSameSite=lax
by default and allowingSameSite=none
as an option to turn that off.In "strict" mode the cookie will not be sent unless the request originates from the same origin. -
Method Summary
Modifier and TypeMethodDescriptionstatic Cookie.SameSite
Parses the given SameSite value.toString()
static Cookie.SameSite
Returns the enum constant of this class with the specified name.static Cookie.SameSite[]
values()
Returns an array containing the constants of this enum class, in the order they are declared.
-
Enum Constant Details
-
STRICT
In "strict" mode the cookie will not be sent unless the request originates from the same origin. This will even block the cookie being sent when following a link from an external origin. -
LAX
In "lax" mode the cookie will be sent on "safe" top-level navigation methods (GET, HEAD, TRACE or OPTIONS). This allows the cookie to be sent when following a link, but provides weaker protection as a CSRF may still be carried out by opening a new window/tab. This is the recommended default setting, in combination with other CSRF defenses such as requiring custom headers on a request. -
NONE
Some browsers are moving to marking all cookies asSameSite=lax
by default and allowingSameSite=none
as an option to turn that off. This is only supported when cookies are also marked as secure so setting this option will also mark the cookie as secure. Note: older versions of Safari (prior to version 13) will interpretSameSite=none
as if it wasSameSite=strict
, so browser sniffing may be required when setting this option.
-
-
Method Details
-
values
Returns an array containing the constants of this enum class, in the order they are declared.- Returns:
- an array containing the constants of this enum class, in the order they are declared
-
valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)- Parameters:
name
- the name of the enum constant to be returned.- Returns:
- the enum constant with the specified name
- Throws:
IllegalArgumentException
- if this enum class has no constant with the specified nameNullPointerException
- if the argument is null
-
parse
Parses the given SameSite value.- Parameters:
value
- the value to parse.- Returns:
- the matching SameSite value, or
null
if the value does not match any known setting.
-
toString
- Overrides:
toString
in classEnum<Cookie.SameSite>
-