Skip to content

Commit 428d0f7

Browse files
iangcarrollfabpot
iangcarroll
authored and
fabpot
committed
Adds support for the SameSite attribute in cookies.
1 parent afed2f8 commit 428d0f7

File tree

1 file changed

+26
-1
lines changed

1 file changed

+26
-1
lines changed

src/Symfony/Component/HttpFoundation/Cookie.php

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,10 @@ class Cookie
2626
protected $secure;
2727
protected $httpOnly;
2828
private $raw;
29+
private $sameSite;
30+
31+
const SAMESITE_LAX = 'lax';
32+
const SAMESITE_STRICT = 'strict';
2933

3034
/**
3135
* Constructor.
@@ -38,10 +42,11 @@ class Cookie
3842
* @param bool $secure Whether the cookie should only be transmitted over a secure HTTPS connection from the client
3943
* @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
4044
* @param bool $raw Whether the cookie value should be sent with no url encoding
45+
* @param string|null $sameSite Whether the cookie will be available for cross-site requests
4146
*
4247
* @throws \InvalidArgumentException
4348
*/
44-
public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true, $raw = false)
49+
public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true, $raw = false, $sameSite = null)
4550
{
4651
// from PHP source code
4752
if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
@@ -71,6 +76,12 @@ public function __construct($name, $value = null, $expire = 0, $path = '/', $dom
7176
$this->secure = (bool) $secure;
7277
$this->httpOnly = (bool) $httpOnly;
7378
$this->raw = (bool) $raw;
79+
80+
if (!in_array($sameSite, array(self::SAMESITE_LAX, self::SAMESITE_STRICT, null))) {
81+
throw new \InvalidArgumentException('The sameSite parameter is not valid.');
82+
}
83+
84+
$this->sameSite = $sameSite;
7485
}
7586

7687
/**
@@ -108,6 +119,10 @@ public function __toString()
108119
$str .= '; httponly';
109120
}
110121

122+
if (null !== $this->getSameSite()) {
123+
$str .= '; samesite='.$this->getSameSite();
124+
}
125+
111126
return $str;
112127
}
113128

@@ -200,4 +215,14 @@ public function isRaw()
200215
{
201216
return $this->raw;
202217
}
218+
219+
/**
220+
* Gets the SameSite attribute.
221+
*
222+
* @return string|null
223+
*/
224+
public function getSameSite()
225+
{
226+
return $this->sameSite;
227+
}
203228
}

0 commit comments

Comments
 (0)