Preserve HttpOnly value when deserializing a header
The specification states that a cookie should be considered HttpOnly if and only if the HttpOnly flag is present. See https://www.owasp.org/index.php/HttpOnly
parent
48bb1953b9
commit
73187d0003
@ -46,7 +46,7 @@ class Cookie
|
||||
'path' => '/',
|
||||
'domain' => null,
|
||||
'secure' => false,
|
||||
'httponly' => true,
|
||||
'httponly' => false,
|
||||
'raw' => !$decode,
|
||||
'samesite' => null,
|
||||
);
|
||||
|
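Review bot: The new `'httponly' => false` entry in this defaults array has no comment explaining why it differs from the constructor, whose HttpOnly default appears to be true. That is inferred from CookieTest, where the old assertion compared the parsed `foo=bar` with `new Cookie('foo', 'bar')` and the new one has to pass `false` explicitly. A comment on that line would keep the asymmetry from being "fixed" back later, for example `// Parsed headers: HttpOnly only when the attribute is present; the constructor default does not apply here.` Code that parses a header and re-sends the resulting cookie will now emit it without HttpOnly unless the source header carried the attribute, which deserves an upgrade note. The enclosing method starts and ends outside this hunk.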
@ -200,6 +200,15 @@ class CookieTest extends TestCase
|
||||
$this->assertEquals(new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true, true, true), $cookie);
|
||||
|
||||
$cookie = Cookie::fromString('foo=bar', true);
|
||||
$this->assertEquals(new Cookie('foo', 'bar'), $cookie);
|
||||
$this->assertEquals(new Cookie('foo', 'bar', 0, '/', null, false, false), $cookie);
|
||||
}
|
||||
|
||||
public function testFromStringWithHttpOnly()
|
||||
{
|
||||
$cookie = Cookie::fromString('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly');
|
||||
$this->assertTrue($cookie->isHttpOnly());
|
||||
|
||||
$cookie = Cookie::fromString('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure');
|
||||
$this->assertFalse($cookie->isHttpOnly());
|
||||
}
|
||||
}
|
||||
|
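Review bot: Both new assertions in testFromStringWithHttpOnly use the lowercase spelling `httponly`, so the test does not pin how the parser treats the `HttpOnly` capitalisation that servers commonly send. Cookie attribute names are case-insensitive, and with the parsing default now false a case-sensitive match would silently produce a script-readable cookie. The parser is not visible in this hunk, so this may already be handled. An extra assertion such as `$this->assertTrue(Cookie::fromString('foo=bar; HttpOnly')->isHttpOnly());` would make it explicit.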
@ -241,12 +241,12 @@ class ResponseHeaderBagTest extends TestCase
|
||||
{
|
||||
$bag = new ResponseHeaderBag();
|
||||
$bag->set('set-cookie', 'foo=bar');
|
||||
$this->assertEquals(array(new Cookie('foo', 'bar', 0, '/', null, false, true, true)), $bag->getCookies());
|
||||
$this->assertEquals(array(new Cookie('foo', 'bar', 0, '/', null, false, false, true)), $bag->getCookies());
|
||||
|
||||
$bag->set('set-cookie', 'foo2=bar2', false);
|
||||
$this->assertEquals(array(
|
||||
new Cookie('foo', 'bar', 0, '/', null, false, true, true),
|
||||
new Cookie('foo2', 'bar2', 0, '/', null, false, true, true),
|
||||
new Cookie('foo', 'bar', 0, '/', null, false, false, true),
|
||||
new Cookie('foo2', 'bar2', 0, '/', null, false, false, true),
|
||||
), $bag->getCookies());
|
||||
|
||||
$bag->remove('set-cookie');
|
||||
|
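Review bot: The updated expectations only cover `set-cookie` values without the attribute, so nothing at the ResponseHeaderBag level checks that a header carrying `httponly` still comes back as an HttpOnly cookie. Assuming `set()` parses the value through `Cookie::fromString` and `getCookies()` returns a flat list (neither is visible here), one more case would close the gap: `$bag->set('set-cookie', 'foo=bar; httponly');` followed by `$this->assertTrue($bag->getCookies()[0]->isHttpOnly());`. The test method starts and ends outside this hunk.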