[Http Foundation] Fix clear cookie samesite

Guillaume Pédelagrabe · nicolas-grekas · commit a8833c56f6a4 · 2020-03-23T13:14:52.000+01:00
diff --git a/ResponseHeaderBag.php b/ResponseHeaderBag.php
@@ -244,10 +244,13 @@ public function getCookies($format = self::COOKIES_FLAT)
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
-    public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true)
+    public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true/*, $sameSite = null*/)
     {
-        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly));
+        $sameSite = \func_num_args() > 5 ? func_get_arg(5) : null;
+
+        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));
     }
 
     /**
diff --git a/Tests/ResponseHeaderBagTest.php b/Tests/ResponseHeaderBagTest.php
@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()
         $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);
     }
 
+    public function testClearCookieSamesite()
+    {
+        $bag = new ResponseHeaderBag([]);
+
+        $bag->clearCookie('foo', '/', null, true, false, 'none');
+        $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);
+    }
+
     public function testReplace()
     {
         $bag = new ResponseHeaderBag([]);

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()`
`128`	`128`	`$this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);`
`129`	`129`	`}`
`130`	`130`
	`131`	`+ public function testClearCookieSamesite()`
	`132`	`+ {`
	`133`	`+ $bag = new ResponseHeaderBag([]);`
	`134`	`+`
	`135`	`+ $bag->clearCookie('foo', '/', null, true, false, 'none');`
	`136`	`+ $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);`
	`137`	`+ }`
	`138`	`+`
`131`	`139`	`public function testReplace()`
`132`	`140`	`{`
`133`	`141`	`$bag = new ResponseHeaderBag([]);`