Problem:
When cookies lack the SameSite attribute, Web browsers may apply different and sometimes unexpected defaults. It is therefore recommended to add a SameSite attribute with an appropriate value of either "Strict", "Lax", or "None".
Solution:
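// hreq is the HttpServletRequest, hresp the HttpServletResponse.
Cookie[] cookies = hreq.getCookies();
if (cookies != null) {
    for (Cookie cookie : cookies) {
        // New builder for each cookie, so a header never carries the previous cookies' text.
        StringBuilder sb = new StringBuilder();
        sb.append(cookie.getName()).append("=").append(cookie.getValue()).append(";");
        sb.append("Path=" + hreq.getContextPath());
        sb.append(";HttpOnly; SameSite=Lax");
        // One Set-Cookie header per cookie.
        hresp.addHeader(HttpHeaders.SET_COOKIE, sb.toString());
    }
}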
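Note: use addHeader. Otherwise (with setHeader, which replaces the header set on the previous iteration) only the last cookie is fixed.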
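The difference the note describes, as an added example that is not part of the original page: a plain-Java model of the response header table (so it runs without a servlet container) that builds one Set-Cookie value per cookie and compares replace semantics with append semantics. The class name, the helper names, the sample cookies, the fallback to "/" for an empty path and the Secure flag added for SameSite=None are assumptions of this example.

```java
import java.util.*;

// Added illustration: models setHeader/addHeader on a simple map of header lists.
public class SameSiteCookieDemo {
    private static final Set<String> ALLOWED = Set.of("Strict", "Lax", "None");

    // Build the Set-Cookie value for a single cookie.
    static String buildSetCookie(String name, String value, String path, String sameSite) {
        if (!ALLOWED.contains(sameSite)) {
            throw new IllegalArgumentException("SameSite must be Strict, Lax or None");
        }
        StringBuilder sb = new StringBuilder(); // fresh builder per cookie
        sb.append(name).append('=').append(value);
        sb.append("; Path=").append(path.isEmpty() ? "/" : path); // assumption: root fallback
        sb.append("; HttpOnly; SameSite=").append(sameSite);
        if (sameSite.equals("None")) {
            sb.append("; Secure"); // browsers reject SameSite=None without Secure
        }
        return sb.toString();
    }

    // Models setHeader: any earlier value under the same name is replaced.
    static void setHeader(Map<String, List<String>> headers, String name, String value) {
        headers.put(name, new ArrayList<>(List.of(value)));
    }

    // Models addHeader: the value is appended, earlier values are kept.
    static void addHeader(Map<String, List<String>> headers, String name, String value) {
        headers.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
    }

    public static void main(String[] args) {
        // Constructed sample cookies, not taken from the page.
        Map<String, String> cookies = new LinkedHashMap<>();
        cookies.put("JSESSIONID", "abc123");
        cookies.put("lang", "en");

        Map<String, List<String>> withSet = new LinkedHashMap<>();
        Map<String, List<String>> withAdd = new LinkedHashMap<>();
        for (Map.Entry<String, String> c : cookies.entrySet()) {
            String header = buildSetCookie(c.getKey(), c.getValue(), "/app", "Lax");
            setHeader(withSet, "Set-Cookie", header);
            addHeader(withAdd, "Set-Cookie", header);
        }
        System.out.println("setHeader: " + withSet.get("Set-Cookie"));
        System.out.println("addHeader: " + withAdd.get("Set-Cookie"));
    }
}
```

The setHeader list ends with a single entry for the last cookie, while the addHeader list keeps one entry per cookie.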