RodolfoAndre · RodolfoAndre · Jul 9, 2021 · Jul 9, 2021 · Jul 9, 2021 · Jul 12, 2021
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,7 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+.DS_Store
 
 ### STS ###
 .apt_generated

diff --git a/src/main/java/br/com/caelum/carangobom/config/seguranca/MvcConfiguracao.java b/src/main/java/br/com/caelum/carangobom/config/seguranca/MvcConfiguracao.java
@@ -0,0 +1,21 @@
+package br.com.caelum.carangobom.config.seguranca;
+
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
+import org.apache.tomcat.util.http.SameSiteCookies;
+import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class MvcConfiguracao implements WebMvcConfigurer {
+
+    @Bean
+    public TomcatContextCustomizer sameSiteCookiesConfig() {
+        return context -> {
+            final var cookieProcessor = new Rfc6265CookieProcessor();
+            cookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
+            context.setCookieProcessor(cookieProcessor);
+        };
+    }
+}
diff --git a/src/main/java/br/com/caelum/carangobom/config/seguranca/SegurancaConfig.java b/src/main/java/br/com/caelum/carangobom/config/seguranca/SegurancaConfig.java
@@ -16,6 +16,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -59,7 +60,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			.antMatchers(HttpMethod.POST, "/usuarios").permitAll()
 			.antMatchers(HttpMethod.GET, "/veiculos").permitAll()
 			.anyRequest().authenticated().and()
-				.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+				.csrf().csrfTokenRepository(getCsrfTokenRepository()).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
 				.addFilterBefore(new AutenticacaoTokenFiltro(tokenService, usuarioRepository), UsernamePasswordAuthenticationFilter.class);
 	}
 
@@ -71,8 +72,7 @@ public void configure(WebSecurity web) throws Exception {
 	}
 
 	@Bean
-	CorsConfigurationSource corsConfigurationSource()
-	{
+	CorsConfigurationSource corsConfigurationSource() {
 		var configuration = new CorsConfiguration();
 		configuration.addAllowedOrigin("https://carango-bom-withfliters-ui.herokuapp.com");
 		configuration.addAllowedHeader("*");
@@ -82,4 +82,10 @@ CorsConfigurationSource corsConfigurationSource()
 		source.registerCorsConfiguration("/**", configuration);
 		return source;
 	}
+
+	private CsrfTokenRepository getCsrfTokenRepository() {
+		var tokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
+		tokenRepository.setCookieDomain("https://carango-bom-withfliters-ui.herokuapp.com/");
+		return tokenRepository;
+	}
 }