diff options
| author | blanchonvincent <blanchon.vincent@gmail.com> | 2014-11-16 14:48:58 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-01-03 11:24:57 +0100 |
| commit | a8f79f9d391cef033babe65e041f9fe457062bc1 (patch) | |
| tree | ea9777d4a3ffb66142ad87150f257474a8dd648a | |
| parent | 00cfda134e85ea2a8ca208139cc84c4bcd2a012d (diff) | |
| download | symfony-security-a8f79f9d391cef033babe65e041f9fe457062bc1.zip symfony-security-a8f79f9d391cef033babe65e041f9fe457062bc1.tar.gz symfony-security-a8f79f9d391cef033babe65e041f9fe457062bc1.tar.bz2 | |
[Security] Don't send remember cookie for sub request
| -rw-r--r-- | Http/RememberMe/ResponseListener.php | 4 | ||||
| -rw-r--r-- | Tests/Http/RememberMe/ResponseListenerTest.php | 22 |
2 files changed, 24 insertions, 2 deletions
diff --git a/Http/RememberMe/ResponseListener.php b/Http/RememberMe/ResponseListener.php index 2253c5d..4149fb6 100644 --- a/Http/RememberMe/ResponseListener.php +++ b/Http/RememberMe/ResponseListener.php @@ -27,6 +27,10 @@ class ResponseListener implements EventSubscriberInterface */ public function onKernelResponse(FilterResponseEvent $event) { + if (!$event->isMasterRequest()) { + return; + } + $request = $event->getRequest(); $response = $event->getResponse(); diff --git a/Tests/Http/RememberMe/ResponseListenerTest.php b/Tests/Http/RememberMe/ResponseListenerTest.php index 59e5fe2..074172c 100644 --- a/Tests/Http/RememberMe/ResponseListenerTest.php +++ b/Tests/Http/RememberMe/ResponseListenerTest.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Security\Tests\Http\RememberMe; +use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\Security\Http\RememberMe\ResponseListener; use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface; use Symfony\Component\HttpFoundation\Request; @@ -41,7 +42,22 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase $listener->onKernelResponse($this->getEvent($request, $response)); } - public function testRemmeberMeCookieIsNotSendWithResponse() + public function testRememberMeCookieIsNotSendWithResponseForSubRequests() + { + $cookie = new Cookie('rememberme'); + + $request = $this->getRequest(array( + RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie, + )); + + $response = $this->getResponse(); + $response->headers->expects($this->never())->method('setCookie'); + + $listener = new ResponseListener(); + $listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST)); + } + + public function testRememberMeCookieIsNotSendWithResponse() { $request = $this->getRequest(); @@ -78,13 +94,15 @@ class ResponseListenerTest extends \PHPUnit_Framework_TestCase return $response; } - private function getEvent($request, $response) + private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST) { $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent') ->disableOriginalConstructor() ->getMock(); $event->expects($this->any())->method('getRequest')->will($this->returnValue($request)); + $event->expects($this->any())->method('getRequestType')->will($this->returnValue($type)); + $event->expects($this->any())->method('isMasterRequest')->will($this->returnValue($type === HttpKernelInterface::MASTER_REQUEST)); $event->expects($this->any())->method('getResponse')->will($this->returnValue($response)); return $event; |