Security Hotspot fix

Author: ravishanigarapu

src/main/java/com/iemr/ecd/utils/mapper/SecurityConfig.java

@@ -29,20 +29,24 @@ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
 	    this.customAccessDeniedHandler = customAccessDeniedHandler;
 	}
 
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-            .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-            .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/user/*").permitAll()
-                .anyRequest().authenticated()
-            ).exceptionHandling(ex -> ex
-                    .authenticationEntryPoint(customAuthenticationEntryPoint)
-                    .accessDeniedHandler(customAccessDeniedHandler)
-                )
-            .addFilterBefore(roleAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+	    CookieCsrfTokenRepository csrfTokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse();
+	    csrfTokenRepository.setCookieHttpOnly(true); // Fixes the security hotspot
 
-        return http.build();
-    }
+	    http
+	        .csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))
+	        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+	        .authorizeHttpRequests(auth -> auth
+	            .requestMatchers("/user/*").permitAll()
+	            .anyRequest().authenticated()
+	        )
+	        .exceptionHandling(ex -> ex
+	            .authenticationEntryPoint(customAuthenticationEntryPoint)
+	            .accessDeniedHandler(customAccessDeniedHandler)
+	        )
+	        .addFilterBefore(roleAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+	    return http.build();
+	}
 }