Commit 2ecf45c

bug #12491 [Security] Don't send remember cookie for sub request (blanchonvincent)
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #12491).

Discussion
----------

[Security] Don't send remember cookie for sub request

| Q | A |
| ------------- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

Remember cookie shouldn't be sent for sub request

Commits
-------

ec38936 adapted previous commit for 2.3
119b091 [Security] Don't send remember cookie for sub request
2 parents d2e951b + ec38936 commit 2ecf45c

2 files changed

+24
-2
lines changed

‎src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php

Lines changed: 5 additions & 0 deletions
@@ -13,6 +13,7 @@
1313

1414
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1515
use Symfony\Component\HttpKernel\KernelEvents;
16+
use Symfony\Component\HttpKernel\HttpKernelInterface;
1617
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
1718

1819
/**
@@ -27,6 +28,10 @@ class ResponseListener implements EventSubscriberInterface
2728
*/
2829
public function onKernelResponse(FilterResponseEvent $event)
2930
{
31+
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
32+
return;
33+
}
34+
3035
$request = $event->getRequest();
3136
$response = $event->getResponse();
3237
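Review bot: The early return added at the top of onKernelResponse() has no comment saying why non-master requests are skipped, and the docblock that closes just above the method is not updated in this hunk. A one-line comment above the `if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType())` check, stating that the remember-me cookie belongs only on the response to the master request, would keep a later refactor from dropping the guard. Because the comparison is a strict `!==` against MASTER_REQUEST, every other request type is skipped, not only SUB_REQUEST; that is the safer default and worth stating in the same comment.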

‎src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php

Lines changed: 19 additions & 2 deletions
@@ -11,6 +11,7 @@
1111

1212
namespace Symfony\Component\Security\Tests\Http\RememberMe;
1313

14+
use Symfony\Component\HttpKernel\HttpKernelInterface;
1415
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
1516
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
1617
use Symfony\Component\HttpFoundation\Request;
@@ -41,7 +42,22 @@ public function testRememberMeCookieIsSentWithResponse()
4142
$listener->onKernelResponse($this->getEvent($request, $response));
4243
}
4344

44-
public function testRemmeberMeCookieIsNotSendWithResponse()
45+
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
46+
{
47+
$cookie = new Cookie('rememberme');
48+
49+
$request = $this->getRequest(array(
50+
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
51+
));
52+
53+
$response = $this->getResponse();
54+
$response->headers->expects($this->never())->method('setCookie');
55+
56+
$listener = new ResponseListener();
57+
$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
58+
}
59+
60+
public function testRememberMeCookieIsNotSendWithResponse()
4561
{
4662
$request = $this->getRequest();
4763

@@ -78,13 +94,14 @@ private function getResponse()
7894
return $response;
7995
}
8096

81-
private function getEvent($request, $response)
97+
private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
8298
{
8399
$event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
84100
->disableOriginalConstructor()
85101
->getMock();
86102

87103
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
104+
$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
88105
$event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
89106

90107
return $event;
