Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

do not leak the Symfony-Session-NoAutoCacheControl header when the Symfony session system is not enabled. #516

Merged
merged 1 commit into from Apr 12, 2019

Conversation

Projects
None yet
2 participants
@dbu
Copy link
Contributor

commented Mar 12, 2019

fix #512

@dbu dbu force-pushed the without-session branch from 85be046 to 929f9ca Mar 12, 2019

@dbu dbu requested a review from Tobion Mar 12, 2019

@@ -146,7 +156,7 @@ public function onKernelRequest(GetResponseEvent $event)
$response->setClientTtl($this->options['ttl']);
$response->setVary($this->options['user_identifier_headers']);
$response->setPublic();
if (4 <= Kernel::MAJOR_VERSION && 1 <= Kernel::MINOR_VERSION) {
if ($this->hasSessionListener && version_compare('4.1', Kernel::VERSION, '<=')) {

This comment has been minimized.

Copy link
@dbu

dbu Mar 12, 2019

Author Contributor

the old code would have been broken with symfony 5.0.
<= comparator seems to work with all php versions: https://3v4l.org/GCltV

This comment has been minimized.

Copy link
@AyrtonRicardo

AyrtonRicardo Apr 12, 2019

The old code failed with 5.0, but works with 5.1: https://3v4l.org/PtroA

This comment has been minimized.

Copy link
@dbu

dbu Apr 12, 2019

Author Contributor

exactly. thanks for looking at this, reminds me that i should merge it.

@dbu dbu merged commit f8de402 into master Apr 12, 2019

4 checks passed

Scrutinizer 2 new issues, 2 updated code elements
Details
continuous-integration/styleci/pr The analysis has passed
Details
continuous-integration/styleci/push The analysis has passed
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@dbu dbu deleted the without-session branch Apr 12, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.