8000 bug #12491 [Security] Don't send remember cookie for sub request (bla… · symfony/symfony@2ecf45c · GitHub


Commit 2ecf45c

bug #12491 [Security] Don't send remember cookie for sub request (blanchonvincent)
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #12491). Discussion ---------- [Security] Don't send remember cookie for sub request | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Remember cookie shouldn't be sent for sub request Commits ------- ec38936 adapted previous commit for 2.3 119b091 [Security] Don't send remember cookie for sub request
2 parents d2e951b + ec38936 commit 2ecf45c


2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

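--- a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
+++ b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
 /**
@@ -27,6 +28,10 @@ class ResponseListener implements EventSubscriberInterface
 */
 public function onKernelResponse(FilterResponseEvent $event)
 {
+if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
+return;
+}
+
 $request = $event->getRequest();
 $response = $event->getResponse();
 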
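Review bot: The new guard at the top of `onKernelResponse` has no comment saying why sub-request responses are skipped, and that reason is the security point of the change. A one-line comment above the `if` would protect it from a later cleanup, for example `// Emit the remember-me cookie on the master response only; a sub-request response is not what the client receives.` Whether a cookie set on a sub-request response could also end up stored with a cached fragment is not visible from these lines, so confirm that before adding it to the wording. The method body continues past the end of the hunk.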

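--- a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Tests\Http\RememberMe;
 
+use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Http\RememberMe\ResponseListener;
 use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -41,7 +42,22 @@ public function testRememberMeCookieIsSentWithResponse()
 $listener->onKernelResponse($this->getEvent($request, $response));
 }
 
-public function testRemmeberMeCookieIsNotSendWithResponse()
+public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
+{
+$cookie = new Cookie('rememberme');
+
+$request = $this->getRequest(array(
+RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
+));
+
+$response = $this->getResponse();
+$response->headers->expects($this->never())->method('setCookie');
+
+$listener = new ResponseListener();
+$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
+}
+
+public function testRememberMeCookieIsNotSendWithResponse()
 {
 $request = $this->getRequest();
 
@@ -78,13 +94,14 @@ private function getResponse()
 return $response;
 }
 
-private function getEvent($request, $response)
+private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
 {
 $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
 ->disableOriginalConstructor()
 ->getMock();
 
 $event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
+$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
 $event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
 
 return $event;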
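Review bot: The positive test reaches the master-request path only through the new default of `getEvent()`, as its call `$this->getEvent($request, $response)` shows, so the request type the listener now depends on is never stated in that test. Passing it explicitly, `$this->getEvent($request, $response, HttpKernelInterface::MASTER_REQUEST)`, would pin the contract even if the helper's default changes. Separately, both negative tests are spelled `...IsNotSendWithResponse...` while the positive one is `testRememberMeCookieIsSentWithResponse`; since the line is already being renamed to fix `Remmeber`, `Send` could become `Sent` in both. `Cookie` is used by the added test and its import is not visible in these hunks, so presumably the file already has it.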
