bug #23426 Fixed HttpOnly flag when using Cookie::fromString() (Toflar)

This PR was merged into the 3.3 branch. Discussion ---------- Fixed HttpOnly flag when using Cookie::fromString() | Q | A | ------------- | --- | Branch? | 3.3 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #23424 | License | MIT | Doc PR | - Using `Cookie::fromString()` should not set the `HttpOnly` flag to `true` by default. This is a factory method and it should create an instance of `Cookie` that represents exactly what the string contains. Commits ------- 73187d0003 Preserve HttpOnly value when deserializing a header
2017-07-06 12:19:04 +03:00 · 2017-07-06 12:19:04 +03:00 · 71c6f9962b
commit 71c6f9962b
parent 48bb1953b9 73187d0003
3 changed files with 14 additions and 5 deletions
--- a/src/Symfony/Component/HttpFoundation/Cookie.php
+++ b/src/Symfony/Component/HttpFoundation/Cookie.php
@ -46,7 +46,7 @@ class Cookie
            'path' => '/',
            'domain' => null,
            'secure' => false,
-            'httponly' => true,
+            'httponly' => false,
            'raw' => !$decode,
            'samesite' => null,
        );
--- a/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
@ -200,6 +200,15 @@ class CookieTest extends TestCase
        $this->assertEquals(new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, true), $cookie);

        $cookie = Cookie::fromString('foo=bar', true);
-        $this->assertEquals(new Cookie('foo', 'bar'), $cookie);
+        $this->assertEquals(new Cookie('foo', 'bar', 0, '/', null, false, false), $cookie);
+    }
+
+    public function testFromStringWithHttpOnly()
+    {
+        $cookie = Cookie::fromString('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly');
+        $this->assertTrue($cookie->isHttpOnly());
+
+        $cookie = Cookie::fromString('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure');
+        $this->assertFalse($cookie->isHttpOnly());
    }
 }
--- a/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/ResponseHeaderBagTest.php
@ -241,12 +241,12 @@ class ResponseHeaderBagTest extends TestCase
    {
        $bag = new ResponseHeaderBag();
        $bag->set('set-cookie', 'foo=bar');
-        $this->assertEquals(array(new Cookie('foo', 'bar', 0, '/', null, false, true, true)), $bag->getCookies());
+        $this->assertEquals(array(new Cookie('foo', 'bar', 0, '/', null, false, false, true)), $bag->getCookies());

        $bag->set('set-cookie', 'foo2=bar2', false);
        $this->assertEquals(array(
-            new Cookie('foo', 'bar', 0, '/', null, false, true, true),
-            new Cookie('foo2', 'bar2', 0, '/', null, false, true, true),
+            new Cookie('foo', 'bar', 0, '/', null, false, false, true),
+            new Cookie('foo2', 'bar2', 0, '/', null, false, false, true),
        ), $bag->getCookies());

        $bag->remove('set-cookie');