NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commit82a95df

committed

bug#25348 [HttpFoundation] Send cookies using header() to fix "SameSite" ones (nicolas-grekas, cvilleger)

This PR was merged into the 3.4 branch.Discussion----------[HttpFoundation] Send cookies using header() to fix "SameSite" ones| Q | A| ------------- | ---| Branch? | 3.4| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#25344| License | MIT| Doc PR | -Commits-------73fec23 [HttpFoundation] Add functional tests for Response::sendHeaders()e350ea0 [HttpFoundation] Send cookies using header() to fix "SameSite" ones

2 parents9a0422c +73fec23 commit82a95dfCopy full SHA for 82a95df

File tree

19 files changed

+231

-30

lines changed

src/Symfony/Component
- HttpFoundation
- HttpKernel/Tests
  - ClientTest.php

19 files changed

+231

-30

lines changed

`‎src/Symfony/Component/HttpFoundation/Cookie.php‎`

Lines changed: 5 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -145,12 +145,12 @@ public function __toString()`
`145`	`145`	`$str = ($this->isRaw() ?$this->getName() :urlencode($this->getName())).'=';`
`146`	`146`
`147`	`147`	`if ('' === (string)$this->getValue()) {`
`148`		`-$str .='deleted; expires='.gmdate('D, d-M-Y H:i:s T',time() -31536001).';max-age=-31536001';`
	`148`	`+$str .='deleted; expires='.gmdate('D, d-M-Y H:i:s T',time() -31536001).';Max-Age=0';`
`149`	`149`	`}else {`
`150`	`150`	`$str .=$this->isRaw() ?$this->getValue() :rawurlencode($this->getValue());`
`151`	`151`
`152`	`152`	`if (0 !==$this->getExpiresTime()) {`
`153`		`-$str .='; expires='.gmdate('D, d-M-Y H:i:s T',$this->getExpiresTime()).';max-age='.$this->getMaxAge();`
	`153`	`+$str .='; expires='.gmdate('D, d-M-Y H:i:s T',$this->getExpiresTime()).';Max-Age='.$this->getMaxAge();`
`154`	`154`	`}`
`155`	`155`	`}`
`156`	`156`
`@@ -224,7 +224,9 @@ public function getExpiresTime()`
`224`	`224`	`*/`
`225`	`225`	`publicfunctiongetMaxAge()`
`226`	`226`	`{`
`227`		`-return0 !==$this->expire ?$this->expire -time() :0;`
	`227`	`+$maxAge =$this->expire -time();`
	`228`	`+`
	`229`	`+return0 >=$maxAge ?0 :$maxAge;`
`228`	`230`	`}`
`229`	`231`
`230`	`232`	`/**`

`‎src/Symfony/Component/HttpFoundation/Response.php‎`

Lines changed: 1 addition & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -327,7 +327,7 @@ public function sendHeaders()`
`327`	`327`	`}`
`328`	`328`
`329`	`329`	`// headers`
`330`		`-foreach ($this->headers->allPreserveCaseWithoutCookies()as$name =>$values) {`
	`330`	`+foreach ($this->headers->allPreserveCase()as$name =>$values) {`
`331`	`331`	`foreach ($valuesas$value) {`
`332`	`332`	`header($name.':'.$value,false,$this->statusCode);`
`333`	`333`	`}`
`@@ -336,15 +336,6 @@ public function sendHeaders()`
`336`	`336`	`// status`
`337`	`337`	`header(sprintf('HTTP/%s %s %s',$this->version,$this->statusCode,$this->statusText),true,$this->statusCode);`
`338`	`338`
`339`		`-// cookies`
`340`		`-foreach ($this->headers->getCookies()as$cookie) {`
`341`		`-if ($cookie->isRaw()) {`
`342`		`-setrawcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpiresTime(),$cookie->getPath(),$cookie->getDomain(),$cookie->isSecure(),$cookie->isHttpOnly());`
`343`		`- }else {`
`344`		`-setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpiresTime(),$cookie->getPath(),$cookie->getDomain(),$cookie->isSecure(),$cookie->isHttpOnly());`
`345`		`- }`
`346`		`- }`
`347`		`-`
`348`	`339`	`return$this;`
`349`	`340`	`}`
`350`	`341`

`‎src/Symfony/Component/HttpFoundation/Tests/CookieTest.php‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -162,13 +162,13 @@ public function testCookieIsCleared()`
`162`	`162`	`publicfunctiontestToString()`
`163`	`163`	`{`
`164`	`164`	`$cookie =newCookie('foo','bar',$expire =strtotime('Fri, 20-May-2011 15:25:52 GMT'),'/','.myfoodomain.com',true);`
`165`		`-$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT;max-age='.($expire -time()).'; path=/; domain=.myfoodomain.com; secure; httponly', (string)$cookie,'->__toString() returns string representation of the cookie');`
	`165`	`+$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT;Max-Age=0; path=/; domain=.myfoodomain.com; secure; httponly', (string)$cookie,'->__toString() returns string representation of the cookie');`
`166`	`166`
`167`	`167`	`$cookie =newCookie('foo','bar with white spaces',strtotime('Fri, 20-May-2011 15:25:52 GMT'),'/','.myfoodomain.com',true);`
`168`		`-$this->assertEquals('foo=bar%20with%20white%20spaces; expires=Fri, 20-May-2011 15:25:52 GMT;max-age='.($expire -time()).'; path=/; domain=.myfoodomain.com; secure; httponly', (string)$cookie,'->__toString() encodes the value of the cookie according to RFC 3986 (white space = %20)');`
	`168`	`+$this->assertEquals('foo=bar%20with%20white%20spaces; expires=Fri, 20-May-2011 15:25:52 GMT;Max-Age=0; path=/; domain=.myfoodomain.com; secure; httponly', (string)$cookie,'->__toString() encodes the value of the cookie according to RFC 3986 (white space = %20)');`
`169`	`169`
`170`	`170`	`$cookie =newCookie('foo',null,1,'/admin/','.myfoodomain.com');`
`171`		`-$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T',$expire =time() -31536001).';max-age='.($expire -time()).'; path=/admin/; domain=.myfoodomain.com; httponly', (string)$cookie,'->__toString() returns string representation of a cleared cookie if value is NULL');`
	`171`	`+$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T',$expire =time() -31536001).';Max-Age=0; path=/admin/; domain=.myfoodomain.com; httponly', (string)$cookie,'->__toString() returns string representation of a cleared cookie if value is NULL');`
`172`	`172`
`173`	`173`	`$cookie =newCookie('foo','bar',0,'/','');`
`174`	`174`	`$this->assertEquals('foo=bar; path=/; httponly', (string)$cookie);`
`@@ -194,7 +194,7 @@ public function testGetMaxAge()`
`194`	`194`	`$this->assertEquals($expire -time(),$cookie->getMaxAge());`
`195`	`195`
`196`	`196`	`$cookie =newCookie('foo','bar',$expire =time() -100);`
`197`		`-$this->assertEquals($expire -time(),$cookie->getMaxAge());`
	`197`	`+$this->assertEquals(0,$cookie->getMaxAge());`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`publicfunctiontestFromString()`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc‎`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,39 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+useSymfony\Component\HttpFoundation\Response;`
	`4`	`+`
	`5`	`+$parent =__DIR__;`
	`6`	`+while (!@file_exists($parent.'/vendor/autoload.php')) {`
	`7`	`+if (!@file_exists($parent)) {`
	`8`	`+// open_basedir restriction in effect`
	`9`	`+break;`
	`10`	`+ }`
	`11`	`+if ($parent ===dirname($parent)) {`
	`12`	`+echo"vendor/autoload.php not found\n";`
	`13`	`+exit(1);`
	`14`	`+ }`
	`15`	`+`
	`16`	`+$parent =dirname($parent);`
	`17`	`+}`
	`18`	`+`
	`19`	`+require$parent.'/vendor/autoload.php';`
	`20`	`+`
	`21`	`+error_reporting(-1);`
	`22`	`+ini_set('html_errors',0);`
	`23`	`+ini_set('display_errors',1);`
	`24`	`+`
	`25`	`+header_remove('X-Powered-By');`
	`26`	`+header('Content-Type: text/plain; charset=utf-8');`
	`27`	`+`
	`28`	`+register_shutdown_function(function () {`
	`29`	`+echo"\n";`
	`30`	`+session_write_close();`
	`31`	`+print_r(headers_list());`
	`32`	`+echo"shutdown\n";`
	`33`	`+});`
	`34`	`+ob_start();`
	`35`	`+`
	`36`	`+$r =newResponse();`
	`37`	`+$r->headers->set('Date','Sat, 12 Nov 1955 20:04:00 GMT');`
	`38`	`+`
	`39`	`+return$r;`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.expected‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,11 @@`
	`1`	`+`
	`2`	`+Warning: Expiry date cannot have a year greater than 9999 in %scookie_max_age.php on line 10`
	`3`	`+`
	`4`	`+Array`
	`5`	`+(`
	`6`	`+ [0] => Content-Type: text/plain; charset=utf-8`
	`7`	`+ [1] => Cache-Control: no-cache, private`
	`8`	`+ [2] => Date: Sat, 12 Nov 1955 20:04:00 GMT`
	`9`	`+ [3] => Set-Cookie: foo=bar; expires=Sat, 01-Jan-10000 02:46:40 GMT; Max-Age=%d; path=/`
	`10`	`+)`
	`11`	`+shutdown`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,10 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+useSymfony\Component\HttpFoundation\Cookie;`
	`4`	`+`
	`5`	`+$r =require__DIR__.'/common.inc';`
	`6`	`+`
	`7`	`+$r->headers->setCookie(newCookie('foo','bar',253402310800,'',null,false,false));`
	`8`	`+$r->sendHeaders();`
	`9`	`+`
	`10`	`+setcookie('foo2','bar',253402310800,'/');`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.expected‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,10 @@`
	`1`	`+`
	`2`	`+Array`
	`3`	`+(`
	`4`	`+ [0] => Content-Type: text/plain; charset=utf-8`
	`5`	`+ [1] => Cache-Control: no-cache, private`
	`6`	`+ [2] => Date: Sat, 12 Nov 1955 20:04:00 GMT`
	`7`	`+ [3] => Set-Cookie: ?():@&+$/%#[]=?():@&+$/%#[]; path=/`
	`8`	`+ [4] => Set-Cookie: ?():@&+$/%#[]=?():@&+$/%#[]; path=/`
	`9`	`+)`
	`10`	`+shutdown`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,12 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+useSymfony\Component\HttpFoundation\Cookie;`
	`4`	`+`
	`5`	`+$r =require__DIR__.'/common.inc';`
	`6`	`+`
	`7`	`+$str ='?*():@&+$/%#[]';`
	`8`	`+`
	`9`	`+$r->headers->setCookie(newCookie($str,$str,0,'/',null,false,false,true));`
	`10`	`+$r->sendHeaders();`
	`11`	`+`
	`12`	`+setrawcookie($str,$str,0,'/',null,false,false);`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_samesite_lax.expected‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,9 @@`
	`1`	`+`
	`2`	`+Array`
	`3`	`+(`
	`4`	`+ [0] => Content-Type: text/plain; charset=utf-8`
	`5`	`+ [1] => Cache-Control: no-cache, private`
	`6`	`+ [2] => Date: Sat, 12 Nov 1955 20:04:00 GMT`
	`7`	`+ [3] => Set-Cookie: CookieSamesiteLaxTest=LaxValue; path=/; httponly; samesite=lax`
	`8`	`+)`
	`9`	`+shutdown`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_samesite_lax.php‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,8 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+useSymfony\Component\HttpFoundation\Cookie;`
	`4`	`+`
	`5`	`+$r =require__DIR__.'/common.inc';`
	`6`	`+`
	`7`	`+$r->headers->setCookie(newCookie('CookieSamesiteLaxTest','LaxValue',0,'/',null,false,true,false, Cookie::SAMESITE_LAX));`
	`8`	`+$r->sendHeaders();`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit82a95df

File tree

19 files changed

19 files changed

`‎src/Symfony/Component/HttpFoundation/Cookie.php‎`

`‎src/Symfony/Component/HttpFoundation/Response.php‎`

`‎src/Symfony/Component/HttpFoundation/Tests/CookieTest.php‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.expected‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.expected‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_raw_urlencode.php‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_samesite_lax.expected‎`

`‎src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_samesite_lax.php‎`

0 commit comments