@@ -35,14 +35,17 @@ public class JwtTokenCookieManager {
3535
3636 private final boolean cookieSecure ;
3737 private final String cookieSameSite ;
38+ private final String cookieDomain ;
3839 private final SecureRandom secureRandom = new SecureRandom ();
3940
4041 public JwtTokenCookieManager (
4142 @ Value ("${app.security.jwt.cookie.secure:false}" ) boolean cookieSecure ,
42- @ Value ("${app.security.jwt.cookie.same-site:Lax}" ) String cookieSameSite
43+ @ Value ("${app.security.jwt.cookie.same-site:Lax}" ) String cookieSameSite ,
44+ @ Value ("${app.security.jwt.cookie.domain:}" ) String cookieDomain
4345 ) {
4446 this .cookieSecure = cookieSecure ;
4547 this .cookieSameSite = StringUtils .hasText (cookieSameSite ) ? cookieSameSite : "Lax" ;
48+ this .cookieDomain = StringUtils .hasText (cookieDomain ) ? cookieDomain : null ;
4649 }
4750
4851 public void addTokenCookies (HttpServletResponse response , LoginResponse loginResponse ) {
@@ -124,11 +127,15 @@ private void addExpiredCookie(HttpServletResponse response, String name, String
124127 }
125128
126129 private ResponseCookie .ResponseCookieBuilder baseCookie (String name , String value , String path , boolean httpOnly ) {
127- return ResponseCookie .from (name , value )
130+ ResponseCookie . ResponseCookieBuilder builder = ResponseCookie .from (name , value )
128131 .httpOnly (httpOnly )
129132 .secure (cookieSecure )
130133 .path (path )
131134 .sameSite (cookieSameSite );
135+ if (cookieDomain != null ) {
136+ builder = builder .domain (cookieDomain );
137+ }
138+ return builder ;
132139 }
133140
134141 private String generateCsrfToken () {
0 commit comments