Fix SameSite attribute conversion from PSR7 to HttpFoundation

ajgarlag · nicolas-grekas · commit 5ee1f8f2530a · 2019-03-11T15:46:02.000+01:00
diff --git a/Factory/HttpFoundationFactory.php b/Factory/HttpFoundationFactory.php
@@ -210,6 +210,12 @@ private function createCookie($cookie)
 
                 continue;
             }
+
+            if ('samesite' === strtolower($name) && null !== $value) {
+                $samesite = $value;
+
+                continue;
+            }
         }
 
         if (!isset($cookieName)) {
@@ -223,7 +229,9 @@ private function createCookie($cookie)
             isset($cookiePath) ? $cookiePath : '/',
             isset($cookieDomain) ? $cookieDomain : null,
             isset($cookieSecure),
-            isset($cookieHttpOnly)
+            isset($cookieHttpOnly),
+            false,
+            isset($samesite) ? $samesite : null
         );
     }
 }
diff --git a/Tests/Factory/HttpFoundationFactoryTest.php b/Tests/Factory/HttpFoundationFactoryTest.php
@@ -19,6 +19,7 @@
 use Symfony\Bridge\PsrHttpMessage\Tests\Fixtures\Stream;
 use Symfony\Bridge\PsrHttpMessage\Tests\Fixtures\UploadedFile;
 use Symfony\Bridge\PsrHttpMessage\Tests\Fixtures\Uri;
+use Symfony\Component\HttpFoundation\Cookie;
 
 /**
  * @author Kévin Dunglas <dunglas@gmail.com>
@@ -199,7 +200,7 @@ public function testCreateResponse()
                 'Set-Cookie' => array(
                     'theme=light',
                     'test',
-                    'ABC=AeD; Domain=dunglas.fr; Path=/kevin; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly',
+                    'ABC=AeD; Domain=dunglas.fr; Path=/kevin; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly; SameSite=Strict',
                 ),
             ),
             new Stream('The response body'),
@@ -230,6 +231,9 @@ public function testCreateResponse()
         $this->assertEquals('/kevin', $cookies[2]->getPath());
         $this->assertTrue($cookies[2]->isSecure());
         $this->assertTrue($cookies[2]->isHttpOnly());
+        if (defined('Symfony\Component\HttpFoundation\Cookie::SAMESITE_STRICT')) {
+            $this->assertEquals(Cookie::SAMESITE_STRICT, $cookies[2]->getSameSite());
+        }
 
         $this->assertEquals('The response body', $symfonyResponse->getContent());
         $this->assertEquals(200, $symfonyResponse->getStatusCode());

Original file line number	Diff line number	Diff line change
`@@ -210,6 +210,12 @@ private function createCookie($cookie)`
`210`	`210`
`211`	`211`	`continue;`
`212`	`212`	`}`
	`213`	`+`
	`214`	`+ if ('samesite' === strtolower($name) && null !== $value) {`
	`215`	`+ $samesite = $value;`
	`216`	`+`
	`217`	`+ continue;`
	`218`	`+ }`
`213`	`219`	`}`
`214`	`220`
`215`	`221`	`if (!isset($cookieName)) {`
`@@ -223,7 +229,9 @@ private function createCookie($cookie)`
`223`	`229`	`isset($cookiePath) ? $cookiePath : '/',`
`224`	`230`	`isset($cookieDomain) ? $cookieDomain : null,`
`225`	`231`	`isset($cookieSecure),`
`226`		`- isset($cookieHttpOnly)`
	`232`	`+ isset($cookieHttpOnly),`
	`233`	`+ false,`
	`234`	`+ isset($samesite) ? $samesite : null`
`227`	`235`	`);`
`228`	`236`	`}`
`229`	`237`	`}`