diff --git a/src/Illuminate/Cookie/CookieJar.php b/src/Illuminate/Cookie/CookieJar.php
index ec7540ae3350..9ea4d7c4189b 100755
--- a/src/Illuminate/Cookie/CookieJar.php
+++ b/src/Illuminate/Cookie/CookieJar.php
@@ -29,6 +29,13 @@ class CookieJar implements JarContract
 */
 protected $secure = false;
+ /**
+ * The default httpOnly setting (defaults to true).
+ *
+ * @var bool
+ */
+ protected $httpOnly = true;
+
 /**
 * All of the cookies queued for sending.
 *
@@ -48,9 +55,9 @@ class CookieJar implements JarContract
 * @param bool $httpOnly
 * @return \Symfony\Component\HttpFoundation\Cookie
 */
- public function make($name, $value, $minutes = 0, $path = null, $domain = null, $secure = false, $httpOnly = true)
+ public function make($name, $value, $minutes = 0, $path = null, $domain = null, $secure = null, $httpOnly = null)
 {
- list($path, $domain, $secure) = $this->getPathAndDomain($path, $domain, $secure);
+ list($path, $domain, $secure, $httpOnly) = $this->getPathAndDomain($path, $domain, $secure, $httpOnly);
 $time = ($minutes == 0) ? 0 : time() + ($minutes * 60);
@@ -68,7 +75,7 @@ public function make($name, $value, $minutes = 0, $path = null, $domain = null,
 * @param bool $httpOnly
 * @return \Symfony\Component\HttpFoundation\Cookie
 */
- public function forever($name, $value, $path = null, $domain = null, $secure = false, $httpOnly = true)
+ public function forever($name, $value, $path = null, $domain = null, $secure = null, $httpOnly = null)
 {
 return $this->make($name, $value, 2628000, $path, $domain, $secure, $httpOnly);
 }
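Review bot: The docblocks of `make()` and `forever()` still declare `@param  bool  $httpOnly` (and, outside the hunk, `@param  bool  $secure`) although the defaults are now `null`, and `null` has acquired a distinct meaning that a caller cannot discover from the signature. Change them to `@param  bool|null  $secure` / `@param  bool|null  $httpOnly` and add one sentence, e.g. `Null means "use the jar default set via setDefaultPathAndDomain()"; pass false explicitly to disable the flag for this cookie.`. The same type change is needed in the `getPathAndDomain()` and `setDefaultPathAndDomain()` docblocks in the later CookieJar hunks and in the `cookie()` helper docblock in helpers.php, all of which swapped the defaults to `null` without touching the declared types. The `@param` lines for `$secure` in this hunk and in the helpers.php hunk lie outside the visible context.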
@@ -143,11 +150,12 @@ public function unqueue($name)
 * @param string $path
 * @param string $domain
 * @param bool $secure
+ * @param bool $httpOnly
 * @return array
 */
- protected function getPathAndDomain($path, $domain, $secure = false)
+ protected function getPathAndDomain($path, $domain, $secure = null, $httpOnly = null)
 {
- return [$path ?: $this->path, $domain ?: $this->domain, $secure ?: $this->secure];
+ return [$path ?: $this->path, $domain ?: $this->domain, isset($secure) ? $secure : $this->secure, isset($httpOnly) ? $httpOnly : $this->httpOnly];
 }
 /**
@@ -156,11 +164,12 @@ protected function getPathAndDomain($path, $domain, $secure = false)
 * @param string $path
 * @param string $domain
 * @param bool $secure
+ * @param bool $httpOnly
 * @return $this
 */
- public function setDefaultPathAndDomain($path, $domain, $secure = false)
+ public function setDefaultPathAndDomain($path, $domain, $secure = null, $httpOnly = null)
 {
- list($this->path, $this->domain, $this->secure) = [$path, $domain, $secure];
+ list($this->path, $this->domain, $this->secure, $this->httpOnly) = [$path, $domain, $secure, $httpOnly];
 return $this;
 }
diff --git a/src/Illuminate/Cookie/CookieServiceProvider.php b/src/Illuminate/Cookie/CookieServiceProvider.php
index cd04f12d6145..eead2294da76 100755
--- a/src/Illuminate/Cookie/CookieServiceProvider.php
+++ b/src/Illuminate/Cookie/CookieServiceProvider.php
@@ -2,6 +2,7 @@
 namespace Illuminate\Cookie;
+use Illuminate\Support\Arr;
 use Illuminate\Support\ServiceProvider;
 class CookieServiceProvider extends ServiceProvider
@@ -16,7 +17,7 @@ public function register()
 $this->app->singleton('cookie', function ($app) {
 $config = $app['config']['session'];
- return (new CookieJar)->setDefaultPathAndDomain($config['path'], $config['domain'], $config['secure']);
+ return (new CookieJar)->setDefaultPathAndDomain($config['path'], $config['domain'], $config['secure'], Arr::get($config, 'http_only', true));
 });
 }
 }
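Review bot: Moving `$secure` from `?:` to `isset()` in `getPathAndDomain()` is a behaviour change that goes beyond the httpOnly addition the commit describes: with `$secure ?: $this->secure`, an explicit `false` fell through to the jar default, so a jar configured as secure could never emit a non-secure cookie from `make()`; with `isset($secure) ? $secure : $this->secure` an explicit `false` now wins over a `true` default, and the same holds for `$httpOnly`. That may well be intended (per-cookie opt-out), but it is a security-relevant contract and should be stated in the docblock rather than left implicit, e.g. `A false value for $secure or $httpOnly overrides the jar default; pass null to keep it.`. `$path` and `$domain` still use `?:`, so the three parameters now follow two different fallback rules in one line.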
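Review bot: `setDefaultPathAndDomain()` now writes `$httpOnly` straight into `$this->httpOnly`, so any caller still using the old three-argument form (or passing `null` explicitly) replaces the documented `true` default from the new property with `null`; `getPathAndDomain()` then returns that `null` because its `isset()` test fails on both sides, and `make()` forwards it to the Symfony `Cookie` constructor, which stores it as a boolean — every cookie from that jar silently loses HttpOnly. `$secure` is affected the same way now that its default here is also `null`. Treat `null` as "keep the current default", mirroring the logic the new `getPathAndDomain()` uses: `list($this->path, $this->domain) = [$path, $domain];` / `$this->secure = isset($secure) ? $secure : $this->secure;` / `$this->httpOnly = isset($httpOnly) ? $httpOnly : $this->httpOnly;`.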
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
index fa3b255e137a..a2bc3bf08945 100644
--- a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
+++ b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -3,8 +3,8 @@
 namespace Illuminate\Foundation\Http\Middleware;
 use Closure;
+use Illuminate\Support\Arr;
 use Illuminate\Foundation\Application;
-use Symfony\Component\HttpFoundation\Cookie;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Session\TokenMismatchException;
@@ -133,9 +133,8 @@ protected function addCookieToResponse($request, $response)
 $config = config('session');
 $response->headers->setCookie(
- new Cookie(
- 'XSRF-TOKEN', $request->session()->token(), time() + 60 * 120,
- $config['path'], $config['domain'], $config['secure'], false
+ cookie()->make(
+ 'XSRF-TOKEN', $request->session()->token(), 120, null, null, null, Arr::get($config, 'http_only', false)
 )
 );
diff --git a/src/Illuminate/Foundation/helpers.php b/src/Illuminate/Foundation/helpers.php
index 3fc4c9887c7e..8a979c174b91 100644
--- a/src/Illuminate/Foundation/helpers.php
+++ b/src/Illuminate/Foundation/helpers.php
@@ -241,7 +241,7 @@ function config_path($path = '')
 * @param bool $httpOnly
 * @return \Symfony\Component\HttpFoundation\Cookie
 */
- function cookie($name = null, $value = null, $minutes = 0, $path = null, $domain = null, $secure = false, $httpOnly = true)
+ function cookie($name = null, $value = null, $minutes = 0, $path = null, $domain = null, $secure = null, $httpOnly = null)
 {
 $cookie = app(CookieFactory::class);
diff --git a/src/Illuminate/Session/Middleware/StartSession.php b/src/Illuminate/Session/Middleware/StartSession.php
index f3dc493c6e5d..8a4753c09d27 100644
--- a/src/Illuminate/Session/Middleware/StartSession.php
+++ b/src/Illuminate/Session/Middleware/StartSession.php
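Review bot: The `XSRF-TOKEN` cookie is now driven by the session's `http_only` key, but this cookie exists precisely so that client-side JavaScript can read it and echo the token back in a request header; the old code hard-coded `false` for that reason. With the session cookie hunks defaulting the same key to `true` (and the service provider feeding `true` into the jar), an application that hardens its session cookie with `http_only => true` will simultaneously make the XSRF token unreadable and break that flow, and only the `false` fallback here preserves the previous behaviour when the key is absent. Either keep the literal `false` for this cookie, or read a dedicated key such as (new name, to be agreed) `Arr::get($config, 'xsrf_http_only', false)`, and say in a comment why it is not HttpOnly. Passing `null, null, null` for path, domain and secure also makes this cookie depend on the `cookie` singleton having been configured from the same session config by `CookieServiceProvider`, whereas the removed lines read `$config` directly; a one-line comment, `// path/domain/secure come from the jar defaults set in CookieServiceProvider`, would make that coupling visible. `addCookieToResponse()` starts and ends outside the hunk.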
@@ -180,7 +180,7 @@ protected function addCookieToResponse(Response $response, SessionInterface $ses
 if ($this->sessionIsPersistent($config = $this->manager->getSessionConfig())) {
 $response->headers->setCookie(new Cookie(
 $session->getName(), $session->getId(), $this->getCookieExpirationDate(),
- $config['path'], $config['domain'], Arr::get($config, 'secure', false)
+ $config['path'], $config['domain'], Arr::get($config, 'secure', false), Arr::get($config, 'http_only', true)
 ));
 }
 }