Response::setCookie() supports SameSite

https://tools.ietf.org/html/draft-west-first-party-cookies-07
nette · Jan 23, 2017 · 9979093 · 9979093
1 parent e16c095
commit 9979093
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/src/Http/Response.php b/src/Http/Response.php
@@ -234,14 +234,15 @@ public function __destruct()
 	 * @return static
 	 * @throws Nette\InvalidStateException  if HTTP headers have been sent
 	 */
-	public function setCookie(string $name, string $value, $time, string $path = NULL, string $domain = NULL, bool $secure = NULL, bool $httpOnly = NULL)
+	public function setCookie(string $name, string $value, $time, string $path = NULL, string $domain = NULL, bool $secure = NULL, bool $httpOnly = NULL, string $sameSite = NULL)
 	{
+		$sameSite = $sameSite ? "; SameSite=$sameSite" : '';
 		self::checkHeaders();
 		setcookie(
 			$name,
 			$value,
 			$time ? (int) DateTime::from($time)->format('U') : 0,
-			$path === NULL ? $this->cookiePath : $path,
+			($path === NULL ? $this->cookiePath : $path) . $sameSite,
 			$domain === NULL ? $this->cookieDomain : $domain,
 			$secure === NULL ? $this->cookieSecure : $secure,
 			$httpOnly === NULL ? $this->cookieHttpOnly : $httpOnly

diff --git a/tests/Http/Response.setCookie.phpt b/tests/Http/Response.setCookie.phpt
@@ -33,3 +33,10 @@ $headers = array_values(array_diff(headers_list(), $old, ['Set-Cookie:']));
 Assert::same([
 	'Set-Cookie: test=newvalue; path=/; HttpOnly',
 ], $headers);
+
+
+$response->setCookie('test', 'newvalue', 0, NULL, NULL, NULL, NULL, 'Lax');
+$headers = array_values(array_diff(headers_list(), $old, ['Set-Cookie:']));
+Assert::same([
+	'Set-Cookie: test=newvalue; path=/; SameSite=Lax; HttpOnly',
+], $headers);