HttpExtension: option 'sameSiteProtection' does not change session co…

…okie flag 'samesite'
nette · Mar 9, 2019 · d9405cc · d9405cc
1 parent f1f8dad
commit d9405cc
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/src/Bridges/HttpDI/HttpExtension.php b/src/Bridges/HttpDI/HttpExtension.php
@@ -82,11 +82,6 @@ public function beforeCompile()
 			$builder->getDefinitionByType(Nette\Http\Session::class)
 				->addSetup('setOptions', [['cookie_secure' => $value]]);
 		}
-
-		if (!empty($this->config['sameSiteProtection'])) {
-			$builder->getDefinitionByType(Nette\Http\Session::class)
-				->addSetup('setOptions', [['cookie_samesite' => 'Lax']]);
-		}
 	}
 
 

diff --git a/tests/Http.DI/HttpExtension.sameSiteProtection.phpt b/tests/Http.DI/HttpExtension.sameSiteProtection.phpt
@@ -36,4 +36,4 @@ Assert::contains(
 		: 'Set-Cookie: nette-samesite=1; path=/; SameSite=Strict; HttpOnly',
 	$headers
 );
-Assert::same('Lax', $container->getService('session.session')->getOptions()['cookie_samesite']);
+Assert::true(empty($container->getService('session.session')->getOptions()['cookie_samesite']));