bug #12491 [Security] Don't send remember cookie for sub request (blanchonvincent)
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #12491).

Discussion
----------

[Security] Don't send remember cookie for sub request

| Q | A |
| ------------- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

Remember cookie shouldn't be sent for sub request

Commits
-------

ec38936 adapted previous commit for 2.3
119b091 [Security] Don't send remember cookie for sub request
commit
2ecf45c0f2
|
@ -13,6 +13,7 @@ namespace Symfony\Component\Security\Http\RememberMe;
|
|||
|
||||
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
|
||||
use Symfony\Component\HttpKernel\KernelEvents;
|
||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
||||
|
||||
/**
|
||||
|
@ -27,6 +28,10 @@ class ResponseListener implements EventSubscriberInterface
|
|||
*/
|
||||
public function onKernelResponse(FilterResponseEvent $event)
|
||||
{
|
||||
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$request = $event->getRequest();
|
||||
$response = $event->getResponse();
|
||||
|
||||
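Review bot: The early return added at the top of `onKernelResponse` has no comment, and the reason for skipping sub-requests is security-relevant but not obvious from the code alone. I would add above the `if`: `// Sub-request responses must not carry the remember-me cookie; only the master response sets it.` The guard also means that a cookie attribute placed on a sub-request's own Request object is now dropped silently. Presumably the remember-me services only set `COOKIE_ATTR_NAME` on the master request, but that is not visible in this hunk and is worth confirming. The method body continues outside the hunk.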
|
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
namespace Symfony\Component\Security\Tests\Http\RememberMe;
|
||||
|
||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
|
||||
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
@ -41,7 +42,22 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
|
|||
$listener->onKernelResponse($this->getEvent($request, $response));
|
||||
}
|
||||
|
||||
public function testRemmeberMeCookieIsNotSendWithResponse()
|
||||
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
|
||||
{
|
||||
$cookie = new Cookie('rememberme');
|
||||
|
||||
$request = $this->getRequest(array(
|
||||
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
|
||||
));
|
||||
|
||||
$response = $this->getResponse();
|
||||
$response->headers->expects($this->never())->method('setCookie');
|
||||
|
||||
$listener = new ResponseListener();
|
||||
$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
|
||||
}
|
||||
|
||||
public function testRememberMeCookieIsNotSendWithResponse()
|
||||
{
|
||||
$request = $this->getRequest();
|
||||
|
||||
|
@ -78,13 +94,14 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase
|
|||
return $response;
|
||||
}
|
||||
|
||||
private function getEvent($request, $response)
|
||||
private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
|
||||
{
|
||||
$event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
|
||||
$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
|
||||
$event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
|
||||
|
||||
return $event;
|
||||
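Review bot: The test names in the `-41,7 +42,22` hunk appear to fix the `Remmeber` typo but keep the ungrammatical `IsNotSend`. I would finish the rename while these lines are being touched: `testRememberMeCookieIsNotSentWithResponseForSubRequests` and `testRememberMeCookieIsNotSentWithResponse`. In the `-78,13 +94,14` hunk the new `$type` parameter of `getEvent` is undocumented. A short docblock saying it takes one of the `HttpKernelInterface::*_REQUEST` constants and defaults to `MASTER_REQUEST` would explain why the existing tests keep exercising the master path unchanged.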
|
|