Skip to content

[Security] Handle properly 'auto' option for remember me cookie security #40537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 23, 2021
Merged

[Security] Handle properly 'auto' option for remember me cookie security #40537

merged 1 commit into from
Mar 23, 2021

Conversation

fliespl
Copy link
Contributor

@fliespl fliespl commented Mar 22, 2021

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #40471
License MIT
Doc PR n/a

Manually setting remember_me cookie secure as auto is still is being set as secure one even if used over http.

This PR fixes this behaviour by converting auto to null prior setting it up for service.

@fliespl fliespl requested review from chalasr and wouterj as code owners March 22, 2021 08:34
@carsonbot carsonbot added this to the 4.4 milestone Mar 22, 2021
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 5.x branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@carsonbot
Copy link

Hey!

This is.. this is amazing. Thank you!

I think @Pchol has recently worked with this code. Maybe they can help review this?

Cheers!

Carsonbot

@nicolas-grekas
Copy link
Member

Thank you @fliespl.

@nicolas-grekas nicolas-grekas merged commit 9a8e2c2 into symfony:4.4 Mar 23, 2021
This was referenced Mar 29, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

@wouterj wouterj Awaiting requested review from wouterj wouterj is a code owner

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
4.4
Development

Successfully merging this pull request may close these issues.
3 participants
@fliespl @carsonbot @nicolas-grekas