[Security\Http] Fix handling `secure: auto` using the new RememberMeAuthenticator #41254
secure: auto using the new RememberMeA…secure: auto using the new RememberMeAuthenticator| if ('auto' ===$config['secure']) { | ||
| $config['secure'] =null; | ||
| } |
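Review bot: the `if ('auto' === $config['secure'])` branch carries no comment explaining why `null` is the target value. The reason, that `null` lets the handler's `$this->options['secure'] ?? $request->isSecure()` fall back to the request scheme while the string `'auto'` never triggers `??`, lives only in the discussion; a one-line comment here would keep it next to the code. A test asserting that the cookie's secure flag follows the request scheme under `secure: auto` would keep this normalization from being dropped again.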
Here is the corresponding logic from the old implementation:
symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines 266 to 268 in 4333d0b

```php
if ('auto' === $mergedOptions['secure']) {
    $mergedOptions['secure'] = null;
}
```
It is needed for:
symfony/src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeHandler.php
Line 123 in 4333d0b

```php
$this->options['secure'] ?? $request->isSecure(),
```
4333d0b to 3fdc154

nicolas-grekas commented May 18, 2021

Thank you @chalasr.
The created cookie was always secure when using `auto` because of some missing config normalization that should have been copied from the legacy rememberme implementation.
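The behaviour discussed in this thread, as an added example that is not part of the pull request or of Symfony's code: it compares the cookie's secure flag with and without the `'auto'` to `null` normalization. The function names `normalizeSecure` and `cookieSecureFlag` and the case table are hypothetical and constructed for illustration; the `(bool)` cast stands in for the cookie's boolean secure attribute.

```php
<?php
// Added illustration; function names are hypothetical, not Symfony's API.

/** Config normalization as in the hunk above: 'auto' becomes null. */
function normalizeSecure(array $config): array
{
    if ('auto' === $config['secure']) {
        $config['secure'] = null;
    }

    return $config;
}

/** Mirrors the handler's fallback: an explicit option wins, null defers to the request. */
function cookieSecureFlag(array $options, bool $requestIsSecure): bool
{
    // (bool) models the cookie's boolean "secure" attribute.
    // A non-null string such as 'auto' never reaches the right-hand side of ??.
    return (bool) ($options['secure'] ?? $requestIsSecure);
}

// Constructed cases: [configured value, request over HTTPS?, expected secure flag]
$cases = [
    ['auto', false, false],
    ['auto', true, true],
    [true, false, true],
    [false, true, false],
];

foreach ($cases as [$configured, $https, $expected]) {
    $raw = cookieSecureFlag(['secure' => $configured], $https);
    $fixed = cookieSecureFlag(normalizeSecure(['secure' => $configured]), $https);
    printf(
        "secure=%-6s https=%-5s without normalization=%-5s with=%-5s %s\n",
        var_export($configured, true),
        var_export($https, true),
        var_export($raw, true),
        var_export($fixed, true),
        $fixed === $expected ? 'ok' : 'MISMATCH'
    );
}
```

Only the first case differs between the two columns: without normalization the flag is set on a plain HTTP request, which matches the "always secure" symptom described above.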