Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a696d1f

Browse filesBrowse files
wouterjwouterj
committed
[Security/Http] Allow setting cookie security settings for delete_cookies
1 parent 29c80e8 commit a696d1f
Copy full SHA for a696d1f

File tree

5 files changed

+11
-4
lines changed
Filter options

5 files changed

+11
-4
lines changed

‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php

Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -273,6 +273,8 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
273273
->children()
274274
->scalarNode('path')->defaultNull()->end()
275275
->scalarNode('domain')->defaultNull()->end()
276+
->scalarNode('secure')->defaultFalse()->end()
277+
->scalarNode('samesite')->defaultNull()->end()
276278
->end()
277279
->end()
278280
->end()

‎src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ public function __construct(array $cookies)
3838
public function logout(Request $request, Response $response, TokenInterface $token)
3939
{
4040
foreach ($this->cookies as $cookieName => $cookieData) {
41-
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
41+
$response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], isset($cookieData['secure']) ? $cookieData['secure'] : false, true, isset($cookieData['samesite']) ? $cookieData['samesite'] : null);
4242
}
4343
}
4444
}

‎src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/Tests/Logout/CookieClearingLogoutHandlerTest.php
+6-1Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\Security\Http\Tests\Logout;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\HttpFoundation\Cookie;
1516
use Symfony\Component\HttpFoundation\Request;
1617
use Symfony\Component\HttpFoundation\Response;
1718
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
@@ -25,7 +26,7 @@ public function testLogout()
2526
$response = new Response();
2627
$token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
2728

28-
$handler = new CookieClearingLogoutHandler(['foo' => ['path' => '/foo', 'domain' => 'foo.foo'], 'foo2' => ['path' => null, 'domain' => null]]);
29+
$handler = new CookieClearingLogoutHandler(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT], 'foo2' => ['path' => null, 'domain' => null]]);
2930

3031
$cookies = $response->headers->getCookies();
3132
$this->assertCount(0, $cookies);
@@ -39,12 +40,16 @@ public function testLogout()
3940
$this->assertEquals('foo', $cookie->getName());
4041
$this->assertEquals('/foo', $cookie->getPath());
4142
$this->assertEquals('foo.foo', $cookie->getDomain());
43+
$this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
44+
$this->assertTrue($cookie->isSecure());
4245
$this->assertTrue($cookie->isCleared());
4346

4447
$cookie = $cookies['']['/']['foo2'];
4548
$this->assertStringStartsWith('foo2', $cookie->getName());
4649
$this->assertEquals('/', $cookie->getPath());
4750
$this->assertNull($cookie->getDomain());
51+
$this->assertNull($cookie->getSameSite());
52+
$this->assertFalse($cookie->isSecure());
4853
$this->assertTrue($cookie->isCleared());
4954
}
5055
}

‎src/Symfony/Component/Security/Http/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Http/composer.json
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
"php": "^5.5.9|>=7.0.8",
2020
"symfony/security-core": "~3.2|~4.0",
2121
"symfony/event-dispatcher": "~2.8|~3.0|~4.0",
22-
"symfony/http-foundation": "~2.8|~3.0|~4.0",
22+
"symfony/http-foundation": "~3.4.39|^4.4.6",
2323
"symfony/http-kernel": "~3.3|~4.0",
2424
"symfony/polyfill-php56": "~1.0",
2525
"symfony/polyfill-php70": "~1.0",

‎src/Symfony/Component/Security/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/composer.json
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"require": {
1919
"php": "^5.5.9|>=7.0.8",
2020
"symfony/event-dispatcher": "~2.8|~3.0|~4.0",
21-
"symfony/http-foundation": "^2.8.31|~3.3.13|~3.4|~4.0",
21+
"symfony/http-foundation": "~3.4.39|^4.4.6",
2222
"symfony/http-kernel": "~3.3|~4.0",
2323
"symfony/polyfill-php56": "~1.0",
2424
"symfony/polyfill-php70": "~1.0",

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.