From 5777e50f69566732579bf381d2cbcb2f2695d015 Mon Sep 17 00:00:00 2001
From: David Grudl <david@grudl.com>
Date: Wed, 25 Aug 2021 17:21:38 +0200
Subject: [PATCH] HttpExtension: added option 'disableNetteCookie' [Closes
 #205]

---
 src/Bridges/HttpDI/HttpExtension.php          | 11 ++++---
 ...Extension.sameSiteProtection.disabled.phpt | 32 +++++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 tests/Http.DI/HttpExtension.sameSiteProtection.disabled.phpt

diff --git a/src/Bridges/HttpDI/HttpExtension.php b/src/Bridges/HttpDI/HttpExtension.php
index 5a1796c2..173bbcd7 100644
--- a/src/Bridges/HttpDI/HttpExtension.php
+++ b/src/Bridges/HttpDI/HttpExtension.php
@@ -43,6 +43,7 @@ public function getConfigSchema(): Nette\Schema\Schema
 			'cookiePath' => Expect::string(),
 			'cookieDomain' => Expect::string(),
 			'cookieSecure' => Expect::anyOf('auto', null, true, false)->firstIsDefault(), // Whether the cookie is available only through HTTPS
+			'disableNetteCookie' => Expect::bool(false), // disables cookie use by Nette
 		]);
 	}
 
@@ -133,10 +134,12 @@ private function sendHeaders()
 			}
 		}
 
-		$this->initialization->addBody(
-			'Nette\Http\Helpers::initCookie($this->getService(?), $response);',
-			[$this->prefix('request')]
-		);
+		if (!$config->disableNetteCookie) {
+			$this->initialization->addBody(
+				'Nette\Http\Helpers::initCookie($this->getService(?), $response);',
+				[$this->prefix('request')]
+			);
+		}
 	}
 
 
diff --git a/tests/Http.DI/HttpExtension.sameSiteProtection.disabled.phpt b/tests/Http.DI/HttpExtension.sameSiteProtection.disabled.phpt
new file mode 100644
index 00000000..42edb79b
--- /dev/null
+++ b/tests/Http.DI/HttpExtension.sameSiteProtection.disabled.phpt
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+use Nette\Bridges\HttpDI\HttpExtension;
+use Nette\DI;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+if (PHP_SAPI === 'cli') {
+	Tester\Environment::skip('Headers are not testable in CLI mode');
+}
+
+
+$compiler = new DI\Compiler;
+$compiler->addExtension('http', new HttpExtension);
+$loader = new DI\Config\Loader;
+$config = $loader->load(Tester\FileMock::create(<<<'EOD'
+http:
+	disableNetteCookie: yes
+EOD
+, 'neon'));
+
+eval($compiler->addConfig($config)->compile());
+
+$container = new Container;
+$container->initialize();
+
+$headers = headers_list();
+Assert::notContains('Set-Cookie: _nss=1', implode('', $headers));