
Add secure flag option for CsrfComponent.

markstory committed Nov 8, 2013
1 parent b5a9bf7 commit b516145f8093665737f7327f1e4efde49622c0c6
@@ -44,6 +44,7 @@ class CsrfComponent extends Component {
*
* - cookieName = The name of the cookie to send.
* - expiry = How long the CSRF token should last. Defaults to browser session.
* - secure = Whether or not the cookie will be set with the Secure flag. Defaults to false.
* - field = The form field to check. Changing this will also require configuring
* FormHelper.
*
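Review bot: The new `secure` entry states the default but not when to change it, and the `'secure' => false` default added to `$settings` in the next hunk means the CSRF token cookie can be sent over plain HTTP unless the application opts in. I would extend the docblock line to `* - secure = Whether or not the cookie will be set with the Secure flag. Defaults to false; set to true when the site is served only over HTTPS.` The docblock begins and ends outside this hunk.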
@@ -52,6 +53,7 @@ class CsrfComponent extends Component {
public $settings = [
'cookieName' => 'csrfToken',
'expiry' => 0,
'secure' => false,
'field' => '_csrfToken',
];
@@ -111,6 +113,7 @@ protected function _setCookie(Request $request, Response $response) {
'value' => $value,
'expiry' => $settings['expiry'],
'path' => $request->base,
'secure' => $settings['secure'],
]);
}
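Review bot: The cookie array in `_setCookie` now forwards `secure`, but the lines visible here set nothing for HttpOnly, so the token cookie remains readable by any script running in the page. If the token only has to reach the browser through the form field (the docblock mentions FormHelper), a parallel setting forwarded as `'httpOnly' => $settings['httpOnly'],` would be a cheap hardening step; confirm that `Response::cookie()` accepts that key on this branch. The array and the method both start outside the hunk, so this may already be handled above.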
@@ -203,6 +203,7 @@ public function testConfigurationCookieCreate() {
$component = new CsrfComponent($this->registry, [
'cookieName' => 'token',
'expiry' => 90,
'secure' => true
]);
$event = new Event('Controller.startup', $controller);
@@ -214,6 +215,7 @@ public function testConfigurationCookieCreate() {
$this->assertRegExp('/^[a-f0-9]+$/', $cookie['value'], 'Should look like a hash.');
$this->assertEquals(90, $cookie['expiry'], 'session duration.');
$this->assertEquals('/dir', $cookie['path'], 'session path.');
$this->assertTrue($cookie['secure'], 'cookie security flag missing');
}
/**
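Review bot: The added `assertTrue($cookie['secure'], ...)` covers only the opt-in path; neither this hunk nor the earlier one in `testConfigurationCookieCreate` pins the `false` default, so a later change to the default would go unnoticed. In the test that builds the component without custom settings (not visible on this page) I would add `$this->assertFalse($cookie['secure'], 'cookie should not be secure by default');`. The message on the new assertion would also read more clearly as the expectation, e.g. `'cookie should have the secure flag'`.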
