Enum Class Cookie.SameSite

java.lang.Object
java.lang.Enum<Cookie.SameSite>
org.forgerock.http.protocol.Cookie.SameSite
All Implemented Interfaces:
Serializable, Comparable<Cookie.SameSite>, Constable
Enclosing class:
Cookie

public static enum Cookie.SameSite extends Enum<Cookie.SameSite>
Indicates the SameSite value of the cookie. This can be used to prevent cross-site request forgery (CSRF) attacks.
  • Enum Constant Details

    • STRICT

      public static final Cookie.SameSite STRICT
      In "strict" mode the cookie will not be sent unless the request originates from the same origin. This will even block the cookie being sent when following a link from an external origin.
    • LAX

      public static final Cookie.SameSite LAX
      In "lax" mode the cookie will be sent on "safe" top-level navigation methods (GET, HEAD, TRACE or OPTIONS). This allows the cookie to be sent when following a link, but provides weaker protection as a CSRF may still be carried out by opening a new window/tab. This is the recommended default setting, in combination with other CSRF defenses such as requiring custom headers on a request.
    • NONE

      public static final Cookie.SameSite NONE
      Some browsers are moving to marking all cookies as SameSite=lax by default and allowing SameSite=none as an option to turn that off. This is only supported when cookies are also marked as secure so setting this option will also mark the cookie as secure. Note: older versions of Safari (prior to version 13) will interpret SameSite=none as if it was SameSite=strict, so browser sniffing may be required when setting this option.
  • Method Details

    • values

      public static Cookie.SameSite[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared
    • valueOf

      public static Cookie.SameSite valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null
    • parse

      public static Cookie.SameSite parse(String value)
      Parses the given SameSite value.
      Parameters:
      value - the value to parse.
      Returns:
      the matching SameSite value, or null if the value does not match any known setting.
    • toString

      public String toString()
      Overrides:
      toString in class Enum<Cookie.SameSite>