diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-06-19 09:31:47 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-06-22 08:38:44 +0200 |
| commit | fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb (patch) | |
| tree | 3634d762f08b16e4dbfe8ad737d37f741296ce77 | |
| parent | 6cd224a3a826bef2a666d70a8cf0c4368c81b181 (diff) | |
| download | nextcloud-server-fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb.tar.gz nextcloud-server-fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb.zip | |
Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| -rw-r--r-- | lib/private/AppFramework/App.php | 5 | ||||
| -rw-r--r-- | lib/private/AppFramework/Http/Output.php | 16 | ||||
| -rw-r--r-- | lib/public/AppFramework/Http/IOutput.php | 3 | ||||
| -rw-r--r-- | lib/public/AppFramework/Http/Response.php | 5 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Http/ResponseTest.php | 19 |
5 files changed, 36 insertions, 12 deletions
diff --git a/lib/private/AppFramework/App.php b/lib/private/AppFramework/App.php index e02f372e41c..ea97ea4096d 100644 --- a/lib/private/AppFramework/App.php +++ b/lib/private/AppFramework/App.php @@ -151,6 +151,8 @@ class App { if ($value['expireDate'] instanceof \DateTime) { $expireDate = $value['expireDate']->getTimestamp(); } + $sameSite = $value['sameSite'] ?? 'Lax'; + $io->setCookie( $name, $value['value'], @@ -158,7 +160,8 @@ class App { $container->getServer()->getWebRoot(), null, $container->getServer()->getRequest()->getServerProtocol() === 'https', - true + true, + $sameSite ); } diff --git a/lib/private/AppFramework/Http/Output.php b/lib/private/AppFramework/Http/Output.php index fd95f370360..8777c1970a6 100644 --- a/lib/private/AppFramework/Http/Output.php +++ b/lib/private/AppFramework/Http/Output.php @@ -92,8 +92,20 @@ class Output implements IOutput { * @param bool $secure * @param bool $httpOnly */ - public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { + public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly, $sameSite = 'Lax') { $path = $this->webRoot ? : '/'; - setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); + + if (PHP_VERSION_ID < 70300) { + setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); + } else { + setcookie($name, $value, [ + 'expires' => $expire, + 'path' => $path, + 'domain' => $domain, + 'secure' => $secure, + 'httponly' => $httpOnly, + 'samesite' => $sameSite + ]); + } } } diff --git a/lib/public/AppFramework/Http/IOutput.php b/lib/public/AppFramework/Http/IOutput.php index 888c9f45b23..39543dc9bf1 100644 --- a/lib/public/AppFramework/Http/IOutput.php +++ b/lib/public/AppFramework/Http/IOutput.php @@ -72,7 +72,8 @@ interface IOutput { * @param string $domain * @param bool $secure * @param bool $httpOnly + * @param string $sameSite (added in 20) * @since 8.1.0 */ - public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); + public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly, $sameSite = 'Lax'); } diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php index 6f418e42553..832e0b96247 100644 --- a/lib/public/AppFramework/Http/Response.php +++ b/lib/public/AppFramework/Http/Response.php @@ -133,11 +133,12 @@ class Response { * @param \DateTime|null $expireDate Date on that the cookie should expire, if set * to null cookie will be considered as session * cookie. + * @param string $sameSite The samesite value of the cookie. Defaults to Lax. Other possibilities are Strict or None * @return $this * @since 8.0.0 */ - public function addCookie($name, $value, \DateTime $expireDate = null) { - $this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate]; + public function addCookie($name, $value, \DateTime $expireDate = null, $sameSite = 'Lax') { + $this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate, 'sameSite' => $sameSite]; return $this; } diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php index f33d0a0089d..ea1e74de50e 100644 --- a/tests/lib/AppFramework/Http/ResponseTest.php +++ b/tests/lib/AppFramework/Http/ResponseTest.php @@ -108,10 +108,12 @@ class ResponseTest extends \Test\TestCase { 'foo' => [ 'value' => 'bar', 'expireDate' => null, + 'sameSite' => 'Lax', ], 'bar' => [ 'value' => 'foo', - 'expireDate' => new \DateTime('1970-01-01') + 'expireDate' => new \DateTime('1970-01-01'), + 'sameSite' => 'Lax', ] ]; $this->assertEquals($expectedResponse, $this->childResponse->getCookies()); @@ -143,7 +145,8 @@ class ResponseTest extends \Test\TestCase { $expected = [ 'foo' => [ 'value' => 'expired', - 'expireDate' => new \DateTime('1971-01-01') + 'expireDate' => new \DateTime('1971-01-01'), + 'sameSite' => 'Lax', ] ]; @@ -159,11 +162,13 @@ class ResponseTest extends \Test\TestCase { $expected = [ 'foo' => [ 'value' => 'bar', - 'expireDate' => null + 'expireDate' => null, + 'sameSite' => 'Lax', ], 'bar' => [ 'value' => 'foo', - 'expireDate' => null + 'expireDate' => null, + 'sameSite' => 'Lax', ] ]; $cookies = $this->childResponse->getCookies(); @@ -173,11 +178,13 @@ class ResponseTest extends \Test\TestCase { $expected = [ 'foo' => [ 'value' => 'expired', - 'expireDate' => new \DateTime('1971-01-01') + 'expireDate' => new \DateTime('1971-01-01'), + 'sameSite' => 'Lax', ], 'bar' => [ 'value' => 'expired', - 'expireDate' => new \DateTime('1971-01-01') + 'expireDate' => new \DateTime('1971-01-01'), + 'sameSite' => 'Lax', ] ]; |