From 728a19220b69f8ff1185ce934765d860186b2081 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 3 Mar 2022 11:39:01 +0100 Subject: [PATCH 1/8] [HttpKernel] Remove private headers before storing responses with HttpCache --- HttpCache/Store.php | 20 +++++++++++++++++--- Tests/HttpCache/StoreTest.php | 13 +++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/HttpCache/Store.php b/HttpCache/Store.php index eeb7a6ef94..43bd7c8082 100644 --- a/HttpCache/Store.php +++ b/HttpCache/Store.php @@ -26,19 +26,29 @@ class Store implements StoreInterface { protected $root; private $keyCache; - private $locks; + private $locks = []; + private $options; /** + * Constructor. + * + * The available options are: + * + * * private_headers Set of response headers that should not be stored + * when a response is cached. (default: Set-Cookie) + * * @throws \RuntimeException */ - public function __construct(string $root) + public function __construct(string $root, array $options = []) { $this->root = $root; if (!file_exists($this->root) && !@mkdir($this->root, 0777, true) && !is_dir($this->root)) { throw new \RuntimeException(sprintf('Unable to create the store directory (%s).', $this->root)); } $this->keyCache = new \SplObjectStorage(); - $this->locks = []; + $this->options = array_merge([ + 'private_headers' => ['Set-Cookie'], + ], $options); } /** @@ -215,6 +225,10 @@ public function write(Request $request, Response $response) $headers = $this->persistResponse($response); unset($headers['age']); + foreach ($this->options['private_headers'] as $h) { + unset($headers[strtolower($h)]); + } + array_unshift($entries, [$storedEnv, $headers]); if (!$this->save($key, serialize($entries))) { diff --git a/Tests/HttpCache/StoreTest.php b/Tests/HttpCache/StoreTest.php index da1f649127..239361bc8c 100644 --- a/Tests/HttpCache/StoreTest.php +++ b/Tests/HttpCache/StoreTest.php @@ -12,8 +12,10 @@ namespace Symfony\Component\HttpKernel\Tests\HttpCache; use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Cookie; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\HttpCache\HttpCache; use Symfony\Component\HttpKernel\HttpCache\Store; class StoreTest extends TestCase @@ -317,6 +319,17 @@ public function testPurgeHttpAndHttps() $this->assertEmpty($this->getStoreMetadata($requestHttps)); } + public function testDoesNotStorePrivateHeaders() + { + $request = Request::create('https://example.com/foo'); + $response = new Response('foo'); + $response->headers->setCookie(Cookie::fromString('foo=bar')); + + $this->store->write($request, $response); + $this->assertArrayNotHasKey('set-cookie', $this->getStoreMetadata($request)[0][1]); + $this->assertNotEmpty($response->headers->getCookies()); + } + protected function storeSimpleEntry($path = null, $headers = []) { if (null === $path) { From 4e36db8103062c62b3882b1bd297b02de6b021c4 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 28 Nov 2022 18:58:43 +0100 Subject: [PATCH 2/8] Update VERSION for 4.4.49 --- Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel.php b/Kernel.php index ce28585fe1..be36bc6346 100644 --- a/Kernel.php +++ b/Kernel.php @@ -76,12 +76,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private static $freshCache = []; - public const VERSION = '4.4.49-DEV'; + public const VERSION = '4.4.49'; public const VERSION_ID = 40449; public const MAJOR_VERSION = 4; public const MINOR_VERSION = 4; public const RELEASE_VERSION = 49; - public const EXTRA_VERSION = 'DEV'; + public const EXTRA_VERSION = ''; public const END_OF_MAINTENANCE = '11/2022'; public const END_OF_LIFE = '11/2023'; From ee371cd7718c938d1bffdf868b665003aeeae69c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 14:37:42 +0100 Subject: [PATCH 3/8] Update VERSION for 5.4.19 --- Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel.php b/Kernel.php index 8f12b88e81..d354205eb1 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static $freshCache = []; - public const VERSION = '5.4.19-DEV'; + public const VERSION = '5.4.19'; public const VERSION_ID = 50419; public const MAJOR_VERSION = 5; public const MINOR_VERSION = 4; public const RELEASE_VERSION = 19; - public const EXTRA_VERSION = 'DEV'; + public const EXTRA_VERSION = ''; public const END_OF_MAINTENANCE = '11/2024'; public const END_OF_LIFE = '11/2025'; From 441e106d6026b86a9e7cb0e645a0b3c038899742 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 14:41:59 +0100 Subject: [PATCH 4/8] Bump Symfony version to 5.4.20 --- Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Kernel.php b/Kernel.php index d354205eb1..3126ebd31a 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static $freshCache = []; - public const VERSION = '5.4.19'; - public const VERSION_ID = 50419; + public const VERSION = '5.4.20-DEV'; + public const VERSION_ID = 50420; public const MAJOR_VERSION = 5; public const MINOR_VERSION = 4; - public const RELEASE_VERSION = 19; - public const EXTRA_VERSION = ''; + public const RELEASE_VERSION = 20; + public const EXTRA_VERSION = 'DEV'; public const END_OF_MAINTENANCE = '11/2024'; public const END_OF_LIFE = '11/2025'; From 0a01b69b46b1be6d3c252307c8d683de56d4541f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 14:42:21 +0100 Subject: [PATCH 5/8] Update VERSION for 6.0.19 --- Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel.php b/Kernel.php index 2d08c05a85..a874adba56 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static array $freshCache = []; - public const VERSION = '6.0.19-DEV'; + public const VERSION = '6.0.19'; public const VERSION_ID = 60019; public const MAJOR_VERSION = 6; public const MINOR_VERSION = 0; public const RELEASE_VERSION = 19; - public const EXTRA_VERSION = 'DEV'; + public const EXTRA_VERSION = ''; public const END_OF_MAINTENANCE = '01/2023'; public const END_OF_LIFE = '01/2023'; From d8a773b418385226ab715aa6d61f54e0e94a2c5f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 16:21:34 +0100 Subject: [PATCH 6/8] Bump Symfony version to 6.0.20 --- Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Kernel.php b/Kernel.php index a874adba56..075bb8aa3c 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static array $freshCache = []; - public const VERSION = '6.0.19'; - public const VERSION_ID = 60019; + public const VERSION = '6.0.20-DEV'; + public const VERSION_ID = 60020; public const MAJOR_VERSION = 6; public const MINOR_VERSION = 0; - public const RELEASE_VERSION = 19; - public const EXTRA_VERSION = ''; + public const RELEASE_VERSION = 20; + public const EXTRA_VERSION = 'DEV'; public const END_OF_MAINTENANCE = '01/2023'; public const END_OF_LIFE = '01/2023'; From 949057183c1d1c142d8bc356a25317077d05b266 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 16:23:56 +0100 Subject: [PATCH 7/8] Update VERSION for 6.1.11 --- Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel.php b/Kernel.php index e9a423af64..3d4f014dcd 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static array $freshCache = []; - public const VERSION = '6.1.11-DEV'; + public const VERSION = '6.1.11'; public const VERSION_ID = 60111; public const MAJOR_VERSION = 6; public const MINOR_VERSION = 1; public const RELEASE_VERSION = 11; - public const EXTRA_VERSION = 'DEV'; + public const EXTRA_VERSION = ''; public const END_OF_MAINTENANCE = '01/2023'; public const END_OF_LIFE = '01/2023'; From 17a5e8830cdc3371989215f4e1994d0ab272898d Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 24 Jan 2023 16:32:44 +0100 Subject: [PATCH 8/8] Bump Symfony version to 6.1.12 --- Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Kernel.php b/Kernel.php index 3d4f014dcd..b8a1257953 100644 --- a/Kernel.php +++ b/Kernel.php @@ -78,12 +78,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl */ private static array $freshCache = []; - public const VERSION = '6.1.11'; - public const VERSION_ID = 60111; + public const VERSION = '6.1.12-DEV'; + public const VERSION_ID = 60112; public const MAJOR_VERSION = 6; public const MINOR_VERSION = 1; - public const RELEASE_VERSION = 11; - public const EXTRA_VERSION = ''; + public const RELEASE_VERSION = 12; + public const EXTRA_VERSION = 'DEV'; public const END_OF_MAINTENANCE = '01/2023'; public const END_OF_LIFE = '01/2023';