Prior to this commit, the GraphQL schema assembled by the
auto-configuration would provide no option for disabling the field
introspection.
While this feature is essential for many tools (including GraphiQL),
some prefer disabling it because this allows clients to gather
information about types and schema easily. This commit introduces a new
`spring.graphql.schema.introspection.enabled` configuration property.
Because potential attackers can still gather this information and this
feature is a core concern in the GraphQL spec, introspection is enabled
by default for Spring Boot applications.
Closes gh-29248
This commit replaces "you're" with some other structure, often
simplifying the sentence in the process.
Also checked for words that end with "'ll" and "n't" but did not find
any.
See gh-28710
Update Tomcat, Jetty and Undertow `ServletWebServerFactory`
implementations so that they can write SameSite cookie attributes.
The session cookie will be customized whenever the
`server.servlet.session.cookie.same-site` property is set.
Other cookies can be customized with the new `CookieSameSiteSupplier`
interface which can be registered using `@Bean` methods.
Closes gh-20971
Co-authored-by Andy Wilkinson <wilkinsona@vmware.com>
