Skip to content
This repository was archived by the owner on May 31, 2024. It is now read-only.

Commit fca8c99

Browse files
fabpotfabpot
committed
Merge branch '2.3' into 2.5
* 2.3: adapted previous commit for 2.3 [Security] Don't send remember cookie for sub request [HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri Conflicts: src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
2 parents 21a953b + 63e8574 commit fca8c99

File tree

2 files changed

+23
-1
lines changed

2 files changed

+23
-1
lines changed

Http/RememberMe/ResponseListener.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313

1414
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1515
use Symfony\Component\HttpKernel\KernelEvents;
16+
use Symfony\Component\HttpKernel\HttpKernelInterface;
1617
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
1718

1819
/**
@@ -27,6 +28,10 @@ class ResponseListener implements EventSubscriberInterface
2728
*/
2829
public function onKernelResponse(FilterResponseEvent $event)
2930
{
31+
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
32+
return;
33+
}
34+
3035
$request = $event->getRequest();
3136
$response = $event->getResponse();
3237

Http/Tests/RememberMe/ResponseListenerTest.php

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111

1212
namespace Symfony\Component\Security\Http\Tests\RememberMe;
1313

14+
use Symfony\Component\HttpKernel\HttpKernelInterface;
1415
use Symfony\Component\Security\Http\RememberMe\ResponseListener;
1516
use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
1617
use Symfony\Component\HttpFoundation\Request;
@@ -34,6 +35,21 @@ public function testRememberMeCookieIsSentWithResponse()
3435
$listener->onKernelResponse($this->getEvent($request, $response));
3536
}
3637

38+
public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
39+
{
40+
$cookie = new Cookie('rememberme');
41+
42+
$request = $this->getRequest(array(
43+
RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
44+
));
45+
46+
$response = $this->getResponse();
47+
$response->headers->expects($this->never())->method('setCookie');
48+
49+
$listener = new ResponseListener();
50+
$listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
51+
}
52+
3753
public function testRememberMeCookieIsNotSendWithResponse()
3854
{
3955
$request = $this->getRequest();
@@ -71,13 +87,14 @@ private function getResponse()
7187
return $response;
7288
}
7389

74-
private function getEvent($request, $response)
90+
private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
7591
{
7692
$event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
7793
->disableOriginalConstructor()
7894
->getMock();
7995

8096
$event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
97+
$event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
8198
$event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
8299

83100
return $event;

0 commit comments

Comments
 (0)