diff --git a/UPGRADE-4.2.md b/UPGRADE-4.2.md
index d2db3db0901a6..884748ee2c4f9 100644
--- a/UPGRADE-4.2.md
+++ b/UPGRADE-4.2.md
@@ -72,6 +72,13 @@ Form
{% endfor %}
```
+HttpFoundation
+--------------
+
+ * The default value of the "$secure" and "$samesite" arguments of Cookie's constructor
+ will respectively change from "false" to "null" and from "null" to "lax" in Symfony
+ 5.0, you should define their values explicitly or use "Cookie::create()" instead.
+
Process
-------
diff --git a/UPGRADE-5.0.md b/UPGRADE-5.0.md
index 49ec7e39a8b93..f3d55fcf6017c 100644
--- a/UPGRADE-5.0.md
+++ b/UPGRADE-5.0.md
@@ -117,6 +117,8 @@ HttpFoundation
* The `$size` argument of the `UploadedFile` constructor has been removed.
* The `getClientSize()` method of the `UploadedFile` class has been removed.
* The `getSession()` method of the `Request` class throws an exception when session is null.
+ * The default value of the "$secure" and "$samesite" arguments of Cookie's constructor
+ changed respectively from "false" to "null" and from "null" to "lax".
Monolog
-------
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index 434053d94604a..fbb9754fe4bc1 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -199,6 +199,9 @@ public function load(array $configs, ContainerBuilder $container)
if ($this->isConfigEnabled($container, $config['session'])) {
$this->sessionConfigEnabled = true;
$this->registerSessionConfiguration($config['session'], $container, $loader);
+ if (!empty($config['test'])) {
+ $container->getDefinition('test.session.listener')->setArgument(1, '%session.storage.options%');
+ }
}
if ($this->isConfigEnabled($container, $config['request'])) {
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
index d2e28c6354482..73716f35aca17 100644
--- a/src/Symfony/Component/HttpFoundation/CHANGELOG.md
+++ b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -5,6 +5,9 @@ CHANGELOG
-----
* added `getAcceptableFormats()` for reading acceptable formats based on Accept header
+ * the default value of the "$secure" and "$samesite" arguments of Cookie's constructor
+ will respectively change from "false" to "null" and from "null" to "lax" in Symfony
+ 5.0, you should define their values explicitly or use "Cookie::create()" instead.
4.1.3
-----
diff --git a/src/Symfony/Component/HttpFoundation/Cookie.php b/src/Symfony/Component/HttpFoundation/Cookie.php
index 2332bb4dbaeb3..7aab318ccdae7 100644
--- a/src/Symfony/Component/HttpFoundation/Cookie.php
+++ b/src/Symfony/Component/HttpFoundation/Cookie.php
@@ -27,6 +27,7 @@ class Cookie
protected $httpOnly;
private $raw;
private $sameSite;
+ private $secureDefault = false;
const SAMESITE_LAX = 'lax';
const SAMESITE_STRICT = 'strict';
@@ -66,21 +67,30 @@ public static function fromString($cookie, $decode = false)
return new static($name, $value, $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']);
}
+ public static function create(string $name, string $value = null, $expire = 0, ?string $path = '/', string $domain = null, bool $secure = null, bool $httpOnly = true, bool $raw = false, ?string $sameSite = self::SAMESITE_LAX): self
+ {
+ return new self($name, $value, $expire, $path, $domain, $secure, $httpOnly, $raw, $sameSite);
+ }
+
/**
* @param string $name The name of the cookie
* @param string|null $value The value of the cookie
* @param int|string|\DateTimeInterface $expire The time the cookie expires
* @param string $path The path on the server in which the cookie will be available on
* @param string|null $domain The domain that the cookie is available to
- * @param bool $secure Whether the cookie should only be transmitted over a secure HTTPS connection from the client
+ * @param bool|null $secure Whether the client should send back the cookie only over HTTPS or null to auto-enable this when the request is already using HTTPS
* @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
* @param bool $raw Whether the cookie value should be sent with no url encoding
* @param string|null $sameSite Whether the cookie will be available for cross-site requests
*
* @throws \InvalidArgumentException
*/
- public function __construct(string $name, string $value = null, $expire = 0, ?string $path = '/', string $domain = null, bool $secure = false, bool $httpOnly = true, bool $raw = false, string $sameSite = null)
+ public function __construct(string $name, string $value = null, $expire = 0, ?string $path = '/', string $domain = null, ?bool $secure = false, bool $httpOnly = true, bool $raw = false, string $sameSite = null)
{
+ if (9 > \func_num_args()) {
+ @trigger_error(sprintf('The default value of the "$secure" and "$samesite" arguments of "%s"\'s constructor will respectively change from "false" to "null" and from "null" to "lax" in Symfony 5.0, you should define their values explicitly or use "Cookie::create()" instead.', __METHOD__), E_USER_DEPRECATED);
+ }
+
// from PHP source code
if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name));
@@ -110,7 +120,9 @@ public function __construct(string $name, string $value = null, $expire = 0, ?st
$this->httpOnly = $httpOnly;
$this->raw = $raw;
- if (null !== $sameSite) {
+ if ('' === $sameSite) {
+ $sameSite = null;
+ } elseif (null !== $sameSite) {
$sameSite = strtolower($sameSite);
}
@@ -232,7 +244,7 @@ public function getPath()
*/
public function isSecure()
{
- return $this->secure;
+ return $this->secure ?? $this->secureDefault;
}
/**
@@ -274,4 +286,12 @@ public function getSameSite()
{
return $this->sameSite;
}
+
+ /**
+ * @param bool $default The default value of the "secure" flag when it is set to null
+ */
+ public function setSecureDefault(bool $default): void
+ {
+ $this->secureDefault = $default;
+ }
}
diff --git a/src/Symfony/Component/HttpFoundation/Response.php b/src/Symfony/Component/HttpFoundation/Response.php
index 7f6ae7cd7a0f3..14685f5b564e4 100644
--- a/src/Symfony/Component/HttpFoundation/Response.php
+++ b/src/Symfony/Component/HttpFoundation/Response.php
@@ -313,6 +313,12 @@ public function prepare(Request $request)
$this->ensureIEOverSSLCompatibility($request);
+ if ($request->isSecure()) {
+ foreach ($headers->getCookies() as $cookie) {
+ $cookie->setSecureDefault(true);
+ }
+ }
+
return $this;
}
diff --git a/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php b/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php
index ed2e0cfb574d5..f4ca374fe0a4c 100644
--- a/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php
+++ b/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php
@@ -247,7 +247,7 @@ public function getCookies($format = self::COOKIES_FLAT)
*/
public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true)
{
- $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly));
+ $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, null));
}
/**
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
index c521bf7fcaa46..e9e30f0196eed 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -128,7 +128,9 @@ public function destroy($sessionId)
if (\PHP_VERSION_ID < 70300) {
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
} else {
- setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'), ini_get('session.cookie_samesite'));
+ $params = session_get_cookie_params();
+ unset($params['lifetime']);
+ setcookie($this->sessionName, '', $params);
}
}
}
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
index 04f90a30fd4ce..0e19bf8528536 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -153,7 +153,7 @@ public function start()
if (null !== $this->emulateSameSite) {
$originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());
if (null !== $originalCookie) {
- header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite));
+ header(sprintf('%s; samesite=%s', $originalCookie, $this->emulateSameSite));
}
}
diff --git a/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php b/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
index 390d42a620f38..44981dff8b203 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
@@ -45,7 +45,7 @@ public function invalidNames()
*/
public function testInstantiationThrowsExceptionIfCookieNameContainsInvalidCharacters($name)
{
- new Cookie($name);
+ Cookie::create($name);
}
/**
@@ -53,12 +53,12 @@ public function testInstantiationThrowsExceptionIfCookieNameContainsInvalidChara
*/
public function testInvalidExpiration()
{
- new Cookie('MyCookie', 'foo', 'bar');
+ Cookie::create('MyCookie', 'foo', 'bar');
}
public function testNegativeExpirationIsNotPossible()
{
- $cookie = new Cookie('foo', 'bar', -100);
+ $cookie = Cookie::create('foo', 'bar', -100);
$this->assertSame(0, $cookie->getExpiresTime());
}
@@ -66,32 +66,32 @@ public function testNegativeExpirationIsNotPossible()
public function testGetValue()
{
$value = 'MyValue';
- $cookie = new Cookie('MyCookie', $value);
+ $cookie = Cookie::create('MyCookie', $value);
$this->assertSame($value, $cookie->getValue(), '->getValue() returns the proper value');
}
public function testGetPath()
{
- $cookie = new Cookie('foo', 'bar');
+ $cookie = Cookie::create('foo', 'bar');
$this->assertSame('/', $cookie->getPath(), '->getPath() returns / as the default path');
}
public function testGetExpiresTime()
{
- $cookie = new Cookie('foo', 'bar');
+ $cookie = Cookie::create('foo', 'bar');
$this->assertEquals(0, $cookie->getExpiresTime(), '->getExpiresTime() returns the default expire date');
- $cookie = new Cookie('foo', 'bar', $expire = time() + 3600);
+ $cookie = Cookie::create('foo', 'bar', $expire = time() + 3600);
$this->assertEquals($expire, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
}
public function testGetExpiresTimeIsCastToInt()
{
- $cookie = new Cookie('foo', 'bar', 3600.9);
+ $cookie = Cookie::create('foo', 'bar', 3600.9);
$this->assertSame(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date as an integer');
}
@@ -99,7 +99,7 @@ public function testGetExpiresTimeIsCastToInt()
public function testConstructorWithDateTime()
{
$expire = new \DateTime();
- $cookie = new Cookie('foo', 'bar', $expire);
+ $cookie = Cookie::create('foo', 'bar', $expire);
$this->assertEquals($expire->format('U'), $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
}
@@ -107,7 +107,7 @@ public function testConstructorWithDateTime()
public function testConstructorWithDateTimeImmutable()
{
$expire = new \DateTimeImmutable();
- $cookie = new Cookie('foo', 'bar', $expire);
+ $cookie = Cookie::create('foo', 'bar', $expire);
$this->assertEquals($expire->format('U'), $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
}
@@ -115,7 +115,7 @@ public function testConstructorWithDateTimeImmutable()
public function testGetExpiresTimeWithStringValue()
{
$value = '+1 day';
- $cookie = new Cookie('foo', 'bar', $value);
+ $cookie = Cookie::create('foo', 'bar', $value);
$expire = strtotime($value);
$this->assertEquals($expire, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date', 1);
@@ -123,99 +123,99 @@ public function testGetExpiresTimeWithStringValue()
public function testGetDomain()
{
- $cookie = new Cookie('foo', 'bar', 0, '/', '.myfoodomain.com');
+ $cookie = Cookie::create('foo', 'bar', 0, '/', '.myfoodomain.com');
$this->assertEquals('.myfoodomain.com', $cookie->getDomain(), '->getDomain() returns the domain name on which the cookie is valid');
}
public function testIsSecure()
{
- $cookie = new Cookie('foo', 'bar', 0, '/', '.myfoodomain.com', true);
+ $cookie = Cookie::create('foo', 'bar', 0, '/', '.myfoodomain.com', true);
$this->assertTrue($cookie->isSecure(), '->isSecure() returns whether the cookie is transmitted over HTTPS');
}
public function testIsHttpOnly()
{
- $cookie = new Cookie('foo', 'bar', 0, '/', '.myfoodomain.com', false, true);
+ $cookie = Cookie::create('foo', 'bar', 0, '/', '.myfoodomain.com', false, true);
$this->assertTrue($cookie->isHttpOnly(), '->isHttpOnly() returns whether the cookie is only transmitted over HTTP');
}
public function testCookieIsNotCleared()
{
- $cookie = new Cookie('foo', 'bar', time() + 3600 * 24);
+ $cookie = Cookie::create('foo', 'bar', time() + 3600 * 24);
$this->assertFalse($cookie->isCleared(), '->isCleared() returns false if the cookie did not expire yet');
}
public function testCookieIsCleared()
{
- $cookie = new Cookie('foo', 'bar', time() - 20);
+ $cookie = Cookie::create('foo', 'bar', time() - 20);
$this->assertTrue($cookie->isCleared(), '->isCleared() returns true if the cookie has expired');
- $cookie = new Cookie('foo', 'bar');
+ $cookie = Cookie::create('foo', 'bar');
$this->assertFalse($cookie->isCleared());
- $cookie = new Cookie('foo', 'bar', 0);
+ $cookie = Cookie::create('foo', 'bar');
$this->assertFalse($cookie->isCleared());
- $cookie = new Cookie('foo', 'bar', -1);
+ $cookie = Cookie::create('foo', 'bar', -1);
$this->assertFalse($cookie->isCleared());
}
public function testToString()
{
- $cookie = new Cookie('foo', 'bar', $expire = strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true);
+ $cookie = Cookie::create('foo', 'bar', $expire = strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, false, null);
$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; Max-Age=0; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() returns string representation of the cookie');
- $cookie = new Cookie('foo', 'bar with white spaces', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true);
+ $cookie = Cookie::create('foo', 'bar with white spaces', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, false, null);
$this->assertEquals('foo=bar%20with%20white%20spaces; expires=Fri, 20-May-2011 15:25:52 GMT; Max-Age=0; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() encodes the value of the cookie according to RFC 3986 (white space = %20)');
- $cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com');
+ $cookie = Cookie::create('foo', null, 1, '/admin/', '.myfoodomain.com', false, true, false, null);
$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', $expire = time() - 31536001).'; Max-Age=0; path=/admin/; domain=.myfoodomain.com; httponly', (string) $cookie, '->__toString() returns string representation of a cleared cookie if value is NULL');
- $cookie = new Cookie('foo', 'bar', 0, '/', '');
- $this->assertEquals('foo=bar; path=/; httponly', (string) $cookie);
+ $cookie = Cookie::create('foo', 'bar');
+ $this->assertEquals('foo=bar; path=/; httponly; samesite=lax', (string) $cookie);
}
public function testRawCookie()
{
- $cookie = new Cookie('foo', 'b a r', 0, '/', null, false, false);
+ $cookie = Cookie::create('foo', 'b a r', 0, '/', null, false, false, false, null);
$this->assertFalse($cookie->isRaw());
$this->assertEquals('foo=b%20a%20r; path=/', (string) $cookie);
- $cookie = new Cookie('foo', 'b+a+r', 0, '/', null, false, false, true);
+ $cookie = Cookie::create('foo', 'b+a+r', 0, '/', null, false, false, true, null);
$this->assertTrue($cookie->isRaw());
$this->assertEquals('foo=b+a+r; path=/', (string) $cookie);
}
public function testGetMaxAge()
{
- $cookie = new Cookie('foo', 'bar');
+ $cookie = Cookie::create('foo', 'bar');
$this->assertEquals(0, $cookie->getMaxAge());
- $cookie = new Cookie('foo', 'bar', $expire = time() + 100);
+ $cookie = Cookie::create('foo', 'bar', $expire = time() + 100);
$this->assertEquals($expire - time(), $cookie->getMaxAge());
- $cookie = new Cookie('foo', 'bar', $expire = time() - 100);
+ $cookie = Cookie::create('foo', 'bar', $expire = time() - 100);
$this->assertEquals(0, $cookie->getMaxAge());
}
public function testFromString()
{
$cookie = Cookie::fromString('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly');
- $this->assertEquals(new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, true), $cookie);
+ $this->assertEquals(Cookie::create('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, true, null), $cookie);
$cookie = Cookie::fromString('foo=bar', true);
- $this->assertEquals(new Cookie('foo', 'bar', 0, '/', null, false, false), $cookie);
+ $this->assertEquals(Cookie::create('foo', 'bar', 0, '/', null, false, false, false, null), $cookie);
$cookie = Cookie::fromString('foo', true);
- $this->assertEquals(new Cookie('foo', null, 0, '/', null, false, false), $cookie);
+ $this->assertEquals(Cookie::create('foo', null, 0, '/', null, false, false, false, null), $cookie);
}
public function testFromStringWithHttpOnly()
@@ -227,9 +227,27 @@ public function testFromStringWithHttpOnly()
$this->assertFalse($cookie->isHttpOnly());
}
- public function testSameSiteAttributeIsCaseInsensitive()
+ public function testSameSiteAttribute()
{
$cookie = new Cookie('foo', 'bar', 0, '/', null, false, true, false, 'Lax');
$this->assertEquals('lax', $cookie->getSameSite());
+
+ $cookie = new Cookie('foo', 'bar', 0, '/', null, false, true, false, '');
+ $this->assertNull($cookie->getSameSite());
+ }
+
+ public function testSetSecureDefault()
+ {
+ $cookie = Cookie::create('foo', 'bar');
+
+ $this->assertFalse($cookie->isSecure());
+
+ $cookie->setSecureDefault(true);
+
+ $this->assertTrue($cookie->isSecure());
+
+ $cookie->setSecureDefault(false);
+
+ $this->assertFalse($cookie->isSecure());
}
}
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php
index 8775a5cceeb88..e18ce525230f0 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php
@@ -4,7 +4,7 @@
$r = require __DIR__.'/common.inc';
-$r->headers->setCookie(new Cookie('foo', 'bar', 253402310800, '', null, false, false));
+$r->headers->setCookie(new Cookie('foo', 'bar', 253402310800, '', null, false, false, false, null));
$r->sendHeaders();
setcookie('foo2', 'bar', 253402310800, '/');
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php
index 2ca5b59f1a3e5..00c022d953947 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php
@@ -6,7 +6,7 @@
$str = '?*():@&+$/%#[]';
-$r->headers->setCookie(new Cookie($str, $str, 0, '/', null, false, false, true));
+$r->headers->setCookie(new Cookie($str, $str, 0, '/', null, false, false, true, null));
$r->sendHeaders();
setrawcookie($str, $str, 0, '/', null, false, false);
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_urlencode.php b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_urlencode.php
index 05b9af30d58f2..c0363b829d426 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_urlencode.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_urlencode.php
@@ -6,7 +6,7 @@
$str = '?*():@&+$/%#[]';
-$r->headers->setCookie(new Cookie($str, $str, 0, '', null, false, false));
+$r->headers->setCookie(new Cookie($str, $str, 0, '', null, false, false, false, null));
$r->sendHeaders();
setcookie($str, $str, 0, '/');
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/invalid_cookie_name.php b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/invalid_cookie_name.php
index 3fe1571845628..0afaaa8a57b40 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/invalid_cookie_name.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/invalid_cookie_name.php
@@ -5,7 +5,7 @@
$r = require __DIR__.'/common.inc';
try {
- $r->headers->setCookie(new Cookie('Hello + world', 'hodor'));
+ $r->headers->setCookie(Cookie::create('Hello + world', 'hodor'));
} catch (\InvalidArgumentException $e) {
echo $e->getMessage();
}
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php b/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
index e987677d47db6..2544e2bad4578 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
@@ -110,9 +110,9 @@ public function testCacheControlClone()
public function testToStringIncludesCookieHeaders()
{
$bag = new ResponseHeaderBag(array());
- $bag->setCookie(new Cookie('foo', 'bar'));
+ $bag->setCookie(Cookie::create('foo', 'bar'));
- $this->assertSetCookieHeader('foo=bar; path=/; httponly', $bag);
+ $this->assertSetCookieHeader('foo=bar; path=/; httponly; samesite=lax', $bag);
$bag->clearCookie('foo');
@@ -154,24 +154,24 @@ public function testReplaceWithRemove()
public function testCookiesWithSameNames()
{
$bag = new ResponseHeaderBag();
- $bag->setCookie(new Cookie('foo', 'bar', 0, '/path/foo', 'foo.bar'));
- $bag->setCookie(new Cookie('foo', 'bar', 0, '/path/bar', 'foo.bar'));
- $bag->setCookie(new Cookie('foo', 'bar', 0, '/path/bar', 'bar.foo'));
- $bag->setCookie(new Cookie('foo', 'bar'));
+ $bag->setCookie(Cookie::create('foo', 'bar', 0, '/path/foo', 'foo.bar'));
+ $bag->setCookie(Cookie::create('foo', 'bar', 0, '/path/bar', 'foo.bar'));
+ $bag->setCookie(Cookie::create('foo', 'bar', 0, '/path/bar', 'bar.foo'));
+ $bag->setCookie(Cookie::create('foo', 'bar'));
$this->assertCount(4, $bag->getCookies());
- $this->assertEquals('foo=bar; path=/path/foo; domain=foo.bar; httponly', $bag->get('set-cookie'));
+ $this->assertEquals('foo=bar; path=/path/foo; domain=foo.bar; httponly; samesite=lax', $bag->get('set-cookie'));
$this->assertEquals(array(
- 'foo=bar; path=/path/foo; domain=foo.bar; httponly',
- 'foo=bar; path=/path/bar; domain=foo.bar; httponly',
- 'foo=bar; path=/path/bar; domain=bar.foo; httponly',
- 'foo=bar; path=/; httponly',
+ 'foo=bar; path=/path/foo; domain=foo.bar; httponly; samesite=lax',
+ 'foo=bar; path=/path/bar; domain=foo.bar; httponly; samesite=lax',
+ 'foo=bar; path=/path/bar; domain=bar.foo; httponly; samesite=lax',
+ 'foo=bar; path=/; httponly; samesite=lax',
), $bag->get('set-cookie', null, false));
- $this->assertSetCookieHeader('foo=bar; path=/path/foo; domain=foo.bar; httponly', $bag);
- $this->assertSetCookieHeader('foo=bar; path=/path/bar; domain=foo.bar; httponly', $bag);
- $this->assertSetCookieHeader('foo=bar; path=/path/bar; domain=bar.foo; httponly', $bag);
- $this->assertSetCookieHeader('foo=bar; path=/; httponly', $bag);
+ $this->assertSetCookieHeader('foo=bar; path=/path/foo; domain=foo.bar; httponly; samesite=lax', $bag);
+ $this->assertSetCookieHeader('foo=bar; path=/path/bar; domain=foo.bar; httponly; samesite=lax', $bag);
+ $this->assertSetCookieHeader('foo=bar; path=/path/bar; domain=bar.foo; httponly; samesite=lax', $bag);
+ $this->assertSetCookieHeader('foo=bar; path=/; httponly; samesite=lax', $bag);
$cookies = $bag->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
@@ -186,8 +186,8 @@ public function testRemoveCookie()
$bag = new ResponseHeaderBag();
$this->assertFalse($bag->has('set-cookie'));
- $bag->setCookie(new Cookie('foo', 'bar', 0, '/path/foo', 'foo.bar'));
- $bag->setCookie(new Cookie('bar', 'foo', 0, '/path/bar', 'foo.bar'));
+ $bag->setCookie(Cookie::create('foo', 'bar', 0, '/path/foo', 'foo.bar'));
+ $bag->setCookie(Cookie::create('bar', 'foo', 0, '/path/bar', 'foo.bar'));
$this->assertTrue($bag->has('set-cookie'));
$cookies = $bag->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
@@ -209,8 +209,8 @@ public function testRemoveCookie()
public function testRemoveCookieWithNullRemove()
{
$bag = new ResponseHeaderBag();
- $bag->setCookie(new Cookie('foo', 'bar', 0));
- $bag->setCookie(new Cookie('bar', 'foo', 0));
+ $bag->setCookie(Cookie::create('foo', 'bar'));
+ $bag->setCookie(Cookie::create('bar', 'foo'));
$cookies = $bag->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
$this->assertArrayHasKey('/', $cookies['']);
@@ -228,12 +228,12 @@ public function testSetCookieHeader()
{
$bag = new ResponseHeaderBag();
$bag->set('set-cookie', 'foo=bar');
- $this->assertEquals(array(new Cookie('foo', 'bar', 0, '/', null, false, false, true)), $bag->getCookies());
+ $this->assertEquals(array(Cookie::create('foo', 'bar', 0, '/', null, false, false, true, null)), $bag->getCookies());
$bag->set('set-cookie', 'foo2=bar2', false);
$this->assertEquals(array(
- new Cookie('foo', 'bar', 0, '/', null, false, false, true),
- new Cookie('foo2', 'bar2', 0, '/', null, false, false, true),
+ Cookie::create('foo', 'bar', 0, '/', null, false, false, true, null),
+ Cookie::create('foo2', 'bar2', 0, '/', null, false, false, true, null),
), $bag->getCookies());
$bag->remove('set-cookie');
diff --git a/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php b/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
index f9b5ef4f2f0f7..03dcc11abdcb5 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
@@ -11,6 +11,7 @@
namespace Symfony\Component\HttpFoundation\Tests;
+use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@@ -573,6 +574,24 @@ public function testPrepareSetsPragmaOnHttp10Only()
$this->assertFalse($response->headers->has('expires'));
}
+ public function testPrepareSetsCookiesSecure()
+ {
+ $cookie = Cookie::create('foo', 'bar');
+
+ $response = new Response('foo');
+ $response->headers->setCookie($cookie);
+
+ $request = Request::create('/', 'GET');
+ $response->prepare($request);
+
+ $this->assertFalse($cookie->isSecure());
+
+ $request = Request::create('https://localhost/', 'GET');
+ $response->prepare($request);
+
+ $this->assertTrue($cookie->isSecure());
+ }
+
public function testSetCache()
{
$response = new Response();
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected
index d20fb88ec052f..dc9f44cea01a1 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected
@@ -11,6 +11,6 @@ Array
(
[0] => Content-Type: text/plain; charset=utf-8
[1] => Cache-Control: max-age=0, private, must-revalidate
- [2] => Set-Cookie: sid=random_session_id; path=/; secure; HttpOnly; SameSite=lax
+ [2] => Set-Cookie: sid=random_session_id; path=/; secure; HttpOnly; samesite=lax
)
shutdown
diff --git a/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php b/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php
index e8e33aa27bbb3..32cee4bff7b27 100644
--- a/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php
+++ b/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php
@@ -165,7 +165,8 @@ public function collect(Request $request, Response $response, \Exception $except
'controller' => $this->parseController($request->attributes->get('_controller')),
'status_code' => $statusCode,
'status_text' => Response::$statusTexts[(int) $statusCode],
- ))
+ )),
+ 0, '/', null, $request->isSecure(), true, false, 'lax'
));
}
diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
index 7f07e7f10acde..993c6ddf979ee 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
@@ -30,6 +30,12 @@
abstract class AbstractTestSessionListener implements EventSubscriberInterface
{
private $sessionId;
+ private $sessionOptions;
+
+ public function __construct(array $sessionOptions = array())
+ {
+ $this->sessionOptions = $sessionOptions;
+ }
public function onKernelRequest(GetResponseEvent $event)
{
@@ -72,7 +78,12 @@ public function onKernelResponse(FilterResponseEvent $event)
}
if ($session instanceof Session ? !$session->isEmpty() || (null !== $this->sessionId && $session->getId() !== $this->sessionId) : $wasStarted) {
- $params = session_get_cookie_params();
+ $params = session_get_cookie_params() + array('samesite' => null);
+ foreach ($this->sessionOptions as $k => $v) {
+ if (0 === strpos($k, 'cookie_')) {
+ $params[substr($k, 7)] = $v;
+ }
+ }
foreach ($event->getResponse()->headers->getCookies() as $cookie) {
if ($session->getName() === $cookie->getName() && $params['path'] === $cookie->getPath() && $params['domain'] == $cookie->getDomain()) {
@@ -80,7 +91,7 @@ public function onKernelResponse(FilterResponseEvent $event)
}
}
- $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']));
+ $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly'], false, $params['samesite'] ?: null));
$this->sessionId = $session->getId();
}
}
diff --git a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
index f859d09769671..23589a2bb35f6 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/TestSessionListener.php
@@ -24,9 +24,10 @@ class TestSessionListener extends AbstractTestSessionListener
{
private $container;
- public function __construct(ContainerInterface $container)
+ public function __construct(ContainerInterface $container, array $sessionOptions = array())
{
$this->container = $container;
+ parent::__construct($sessionOptions);
}
protected function getSession()
diff --git a/src/Symfony/Component/HttpKernel/Tests/ClientTest.php b/src/Symfony/Component/HttpKernel/Tests/ClientTest.php
index 17cbe3687c86b..4ce3670a30e0e 100644
--- a/src/Symfony/Component/HttpKernel/Tests/ClientTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/ClientTest.php
@@ -61,13 +61,13 @@ public function testFilterResponseConvertsCookies()
$m->setAccessible(true);
$response = new Response();
- $response->headers->setCookie($cookie1 = new Cookie('foo', 'bar', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true));
+ $response->headers->setCookie($cookie1 = new Cookie('foo', 'bar', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true, false, null));
$domResponse = $m->invoke($client, $response);
$this->assertSame((string) $cookie1, $domResponse->getHeader('Set-Cookie'));
$response = new Response();
- $response->headers->setCookie($cookie1 = new Cookie('foo', 'bar', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true));
- $response->headers->setCookie($cookie2 = new Cookie('foo1', 'bar1', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true));
+ $response->headers->setCookie($cookie1 = new Cookie('foo', 'bar', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true, false, null));
+ $response->headers->setCookie($cookie2 = new Cookie('foo1', 'bar1', \DateTime::createFromFormat('j-M-Y H:i:s T', '15-Feb-2009 20:00:00 GMT')->format('U'), '/foo', 'http://example.com', true, true, false, null));
$domResponse = $m->invoke($client, $response);
$this->assertSame((string) $cookie1, $domResponse->getHeader('Set-Cookie'));
$this->assertSame(array((string) $cookie1, (string) $cookie2), $domResponse->getHeader('Set-Cookie', false));
diff --git a/src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php b/src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php
index cce08e27c4cc5..e9b83175427f8 100644
--- a/src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php
@@ -274,9 +274,9 @@ protected function createResponse()
$response->setStatusCode(200);
$response->headers->set('Content-Type', 'application/json');
$response->headers->set('X-Foo-Bar', null);
- $response->headers->setCookie(new Cookie('foo', 'bar', 1, '/foo', 'localhost', true, true));
- $response->headers->setCookie(new Cookie('bar', 'foo', new \DateTime('@946684800')));
- $response->headers->setCookie(new Cookie('bazz', 'foo', '2000-12-12'));
+ $response->headers->setCookie(new Cookie('foo', 'bar', 1, '/foo', 'localhost', true, true, false, null));
+ $response->headers->setCookie(new Cookie('bar', 'foo', new \DateTime('@946684800'), '/', null, false, true, false, null));
+ $response->headers->setCookie(new Cookie('bazz', 'foo', '2000-12-12', '/', null, false, true, false, null));
return $response;
}
diff --git a/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php b/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
index ba5906839467d..24b80b2a91d9d 100644
--- a/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
@@ -24,7 +24,7 @@ class ResponseListenerTest extends TestCase
{
public function testRememberMeCookieIsSentWithResponse()
{
- $cookie = new Cookie('rememberme');
+ $cookie = new Cookie('rememberme', null, 0, '/', null, false, true, false, null);
$request = $this->getRequest(array(
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
@@ -39,7 +39,7 @@ public function testRememberMeCookieIsSentWithResponse()
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
{
- $cookie = new Cookie('rememberme');
+ $cookie = new Cookie('rememberme', null, 0, '/', null, false, true, false, null);
$request = $this->getRequest(array(
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy