Java Spring Boot 2设置Cookie响应标头缺失

Java Spring Boot 2设置Cookie响应标头缺失,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,请原谅任何结构/礼仪的缺失,这是我的第一篇帖子 我有一个使用Spring Boot(v2.1.6)的Java应用程序,具有基于注释的Spring Boot starter安全配置,无法理解如何添加以下响应头: "Set-Cookie: SameSite=strict" 要解决警告,请执行以下操作: A cookie associated with a cross-site resource at "myApiUrl" was set without the `SameSite` attrib

请原谅任何结构/礼仪的缺失,这是我的第一篇帖子

我有一个使用Spring Boot(v2.1.6)的Java应用程序,具有基于注释的Spring Boot starter安全配置,无法理解如何添加以下响应头:

 "Set-Cookie: SameSite=strict"
要解决警告,请执行以下操作:

A cookie associated with a cross-site resource at "myApiUrl" was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
下面列出了我的HttpSecurity的完整配置,我已尝试使用StaticHeadersWriter在配置的最后部分添加标头:

@Override
protected void configure(HttpSecurity http) throws Exception { 
    http
    .csrf().disable()
    .cors()
    .and()
        .exceptionHandling()
        .authenticationEntryPoint(entryPoint) //request is generally sent to entry point when unauthorized
    .and()
    .authorizeRequests()
        .antMatchers("/loggedIn").permitAll()
        .antMatchers("/createUser").permitAll()
        .antMatchers("/deleteUser").hasRole("ADMIN")
        .antMatchers("/fullDB").hasRole("ADMIN")
        .antMatchers("/logs").hasRole("ADMIN")
        .antMatchers("/**").authenticated()
    .and()
    .formLogin()
        .successHandler(new AuthenticationSuccessHandler())
        .failureHandler(new SimpleUrlAuthenticationFailureHandler())
    .and()
    .logout()
        .deleteCookies(cookieName)
        .invalidateHttpSession(true)
        .logoutUrl("/logout")
        .logoutSuccessHandler((new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK)))
    .and()
        .headers()
        .addHeaderWriter(new StaticHeadersWriter("Set-Cookie", "SameSite=strict"))
        .addHeaderWriter(new StaticHeadersWriter("A-cookie","B=val"))
        .addHeaderWriter(new StaticHeadersWriter("SetCookie","SameSitestrict"));
}
使用以下配置,我能够接收到每个标头的有效响应,但Set Cookie标头除外,它似乎已被删除,可以在下面的链接中看到

我尝试过的解决此问题的其他尝试包括在提供的successHandler()中将重定向添加到自定义url端点,这将返回一个ResponseEntity,我可以在其中提供以下代码,但是这些尝试也不会包含“Set Cookie”响应头

   HttpHeaders httpHeaders = new HttpHeaders();
   httpHeaders.add(HttpHeaders.SET_COOKIE, "SomeName=someId");
   return new ResponseEntity(httpHeaders, HttpStatus.OK);

 or

   response.addCookie(new Cookie("SomeName", "someId"));
   return ResponseEntity.ok().build();
任何关于如何在Spring Boot API调用的响应中提供“Set Cookie”头以解决此chrome警告的建议都将不胜感激