Merge branch '6.1' into 6.2
* 6.1:
  [HttpFoundation] Fix bad return type in IpUtils::checkIp4()
  [DependencyInjection] Fix order of arguments when mixing positional and named ones
  [HttpClient] Fix collecting data non-late for the profiler
  [Security/Http] Fix compat of persistent remember-me with legacy tokens
  Bump Symfony version to 6.1.12
  Update VERSION for 6.1.11
  Update CHANGELOG for 6.1.11
  Bump Symfony version to 6.0.20
  Update VERSION for 6.0.19
  Update CHANGELOG for 6.0.19
  Bump Symfony version to 5.4.20
  Update VERSION for 5.4.19
  Update CONTRIBUTORS for 5.4.19
  Update CHANGELOG for 5.4.19
  [Security/Http] Remove CSRF tokens from storage on successful login
  [HttpKernel] Remove private headers before storing responses with HttpCache
nicolas-grekas committed Jan 30, 2023
2 parents 3ef78f0 + dc741f8 commit 9a396cb
Showing 2 changed files with 29 additions and 1 deletion.
17 changes: 16 additions & 1 deletion HttpCache/Store.php
@@ -29,17 +29,28 @@ class Store implements StoreInterface
private \SplObjectStorage $keyCache;
/** @var array<string, resource> */
private array $locks = [];
private array $options;

/**
* Constructor.
*
* The available options are:
*
* * private_headers Set of response headers that should not be stored
* when a response is cached. (default: Set-Cookie)
*
* @throws \RuntimeException
*/
public function __construct(string $root)
public function __construct(string $root, array $options = [])
{
$this->root = $root;
if (!is_dir($this->root) && !@mkdir($this->root, 0777, true) && !is_dir($this->root)) {
throw new \RuntimeException(sprintf('Unable to create the store directory (%s).', $this->root));
}
$this->keyCache = new \SplObjectStorage();
$this->options = array_merge([
'private_headers' => ['Set-Cookie'],
], $options);
}

/**
@@ -212,6 +223,10 @@ public function write(Request $request, Response $response): string
$headers = $this->persistResponse($response);
unset($headers['age']);

foreach ($this->options['private_headers'] as $h) {
unset($headers[strtolower($h)]);
}

array_unshift($entries, [$storedEnv, $headers]);

if (!$this->save($key, serialize($entries))) {
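Review bot: In the constructor hunk, `array_merge()` lets a caller-supplied `private_headers` replace the default list instead of extending it, so a store built with a custom list that omits Set-Cookie would persist cookies in the cache again; the docblock only says "(default: Set-Cookie)" and should state this, e.g. `(default: Set-Cookie; a custom list replaces the default, so include Set-Cookie in it)`. The option is also not type-checked: a string value would make the `foreach` in `write()` iterate nothing (PHP emits only a warning), and the response would be stored with all its headers. Casting at the point of use, `foreach ((array) $this->options['private_headers'] as $h) {`, or rejecting non-arrays in the constructor, keeps the stripping fail-closed. The bodies of the class and of `write()` continue outside the visible hunks.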
13 changes: 13 additions & 0 deletions Tests/HttpCache/StoreTest.php
@@ -12,8 +12,10 @@
namespace Symfony\Component\HttpKernel\Tests\HttpCache;

use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpCache\HttpCache;
use Symfony\Component\HttpKernel\HttpCache\Store;

class StoreTest extends TestCase
@@ -317,6 +319,17 @@ public function testPurgeHttpAndHttps()
$this->assertEmpty($this->getStoreMetadata($requestHttps));
}

public function testDoesNotStorePrivateHeaders()
{
$request = Request::create('https://example.com/foo');
$response = new Response('foo');
$response->headers->setCookie(Cookie::fromString('foo=bar'));

$this->store->write($request, $response);
$this->assertArrayNotHasKey('set-cookie', $this->getStoreMetadata($request)[0][1]);
$this->assertNotEmpty($response->headers->getCookies());
}

protected function storeSimpleEntry($path = null, $headers = [])
{
$path ??= '/test';
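Review bot: testDoesNotStorePrivateHeaders covers only the default list; nothing exercises a Store constructed with the new `$options` argument, nor a mixed-case header name that depends on the `strtolower()` call in `Store::write()`. A companion case that builds the store with a custom list (for example `['private_headers' => ['Set-Cookie', 'X-Example-Private']]`, a constructed name) and asserts both lower-cased keys are absent from `getStoreMetadata($request)[0][1]` would pin the option's behaviour. How `$this->store` is set up is outside the visible hunks, so the exact constructor call would need to follow that setup.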
