HttpExtension: option 'sameSiteProtection' does not change session cookie flag 'samesite'

dg · dg · commit d9405cc194ba · 2019-03-09T03:21:55.000+01:00
diff --git a/src/Bridges/HttpDI/HttpExtension.php b/src/Bridges/HttpDI/HttpExtension.php
@@ -82,11 +82,6 @@ public function beforeCompile()
 			$builder->getDefinitionByType(Nette\Http\Session::class)
 				->addSetup('setOptions', [['cookie_secure' => $value]]);
 		}
-
-		if (!empty($this->config['sameSiteProtection'])) {
-			$builder->getDefinitionByType(Nette\Http\Session::class)
-				->addSetup('setOptions', [['cookie_samesite' => 'Lax']]);
-		}
 	}
 
 
diff --git a/tests/Http.DI/HttpExtension.sameSiteProtection.phpt b/tests/Http.DI/HttpExtension.sameSiteProtection.phpt
@@ -36,4 +36,4 @@ Assert::contains(
 		: 'Set-Cookie: nette-samesite=1; path=/; SameSite=Strict; HttpOnly',
 	$headers
 );
-Assert::same('Lax', $container->getService('session.session')->getOptions()['cookie_samesite']);
+Assert::true(empty($container->getService('session.session')->getOptions()['cookie_samesite']));

Original file line number	Diff line number	Diff line change
`@@ -82,11 +82,6 @@ public function beforeCompile()`
`82`	`82`	`$builder->getDefinitionByType(Nette\Http\Session::class)`
`83`	`83`	`->addSetup('setOptions', [['cookie_secure' => $value]]);`
`84`	`84`	`}`
`85`		`-`
`86`		`- if (!empty($this->config['sameSiteProtection'])) {`
`87`		`- $builder->getDefinitionByType(Nette\Http\Session::class)`
`88`		`- ->addSetup('setOptions', [['cookie_samesite' => 'Lax']]);`
`89`		`- }`
`90`	`85`	`}`
`91`	`86`
`92`	`87`