[Security] Don't send remember cookie for sub request

symfony · Jan 3, 2015 · 119b091 · 119b091
1 parent d2e951b
commit 119b091
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php b/src/Symfony/Component/Security/Http/RememberMe/ResponseListener.php
@@ -27,6 +27,10 @@ class ResponseListener implements EventSubscriberInterface
      */
     public function onKernelResponse(FilterResponseEvent $event)
     {
+        if (!$event->isMasterRequest()) {
+            return;
+        }
+
         $request = $event->getRequest();
         $response = $event->getResponse();
 

diff --git a/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php b/src/Symfony/Component/Security/Tests/Http/RememberMe/ResponseListenerTest.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Tests\Http\RememberMe;
 
+use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\Security\Http\RememberMe\ResponseListener;
 use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -41,7 +42,22 @@ public function testRememberMeCookieIsSentWithResponse()
         $listener->onKernelResponse($this->getEvent($request, $response));
     }
 
-    public function testRemmeberMeCookieIsNotSendWithResponse()
+    public function testRememberMeCookieIsNotSendWithResponseForSubRequests()
+    {
+        $cookie = new Cookie('rememberme');
+
+        $request = $this->getRequest(array(
+            RememberMeServicesInterface::COOKIE_ATTR_NAME => $cookie,
+        ));
+
+        $response = $this->getResponse();
+        $response->headers->expects($this->never())->method('setCookie');
+
+        $listener = new ResponseListener();
+        $listener->onKernelResponse($this->getEvent($request, $response, HttpKernelInterface::SUB_REQUEST));
+    }
+
+    public function testRememberMeCookieIsNotSendWithResponse()
     {
         $request = $this->getRequest();
 
@@ -78,13 +94,15 @@ private function getResponse()
         return $response;
     }
 
-    private function getEvent($request, $response)
+    private function getEvent($request, $response, $type = HttpKernelInterface::MASTER_REQUEST)
     {
         $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\FilterResponseEvent')
             ->disableOriginalConstructor()
             ->getMock();
 
         $event->expects($this->any())->method('getRequest')->will($this->returnValue($request));
+        $event->expects($this->any())->method('getRequestType')->will($this->returnValue($type));
+        $event->expects($this->any())->method('isMasterRequest')->will($this->returnValue($type === HttpKernelInterface::MASTER_REQUEST));
         $event->expects($this->any())->method('getResponse')->will($this->returnValue($response));
 
         return $event;