[HttpFoundation] Fix clearing CHIPS cookies

misaert · nicolas-grekas · commit d68e6995538e · 2024-02-01T09:38:14.000+01:00
diff --git a/ResponseHeaderBag.php b/ResponseHeaderBag.php
@@ -234,11 +234,15 @@ public function getCookies(string $format = self::COOKIES_FLAT): array
     /**
      * Clears a cookie in the browser.
      *
+     * @param bool $partitioned
+     *
      * @return void
      */
-    public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null)
+    public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null /* , bool $partitioned = false */)
     {
-        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));
+        $partitioned = 6 < \func_num_args() ? \func_get_arg(6) : false;
+
+        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite, $partitioned));
     }
 
     /**
diff --git a/Tests/ResponseHeaderBagTest.php b/Tests/ResponseHeaderBagTest.php
@@ -136,6 +136,14 @@ public function testClearCookieSamesite()
         $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d M Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);
     }
 
+    public function testClearCookiePartitioned()
+    {
+        $bag = new ResponseHeaderBag([]);
+
+        $bag->clearCookie('foo', '/', null, true, false, 'none', true);
+        $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d M Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none; partitioned', $bag);
+    }
+
     public function testReplace()
     {
         $bag = new ResponseHeaderBag([]);

Original file line number	Diff line number	Diff line change
`@@ -234,11 +234,15 @@ public function getCookies(string $format = self::COOKIES_FLAT): array`
`234`	`234`	`/**`
`235`	`235`	`* Clears a cookie in the browser.`
`236`	`236`	`*`
	`237`	`+ * @param bool $partitioned`
	`238`	`+ *`
`237`	`239`	`* @return void`
`238`	`240`	`*/`
`239`		`- public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null)`
	`241`	`+ public function clearCookie(string $name, ?string $path = '/', ?string $domain = null, bool $secure = false, bool $httpOnly = true, ?string $sameSite = null /* , bool $partitioned = false */)`
`240`	`242`	`{`
`241`		`- $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));`
	`243`	`+ $partitioned = 6 < \func_num_args() ? \func_get_arg(6) : false;`
	`244`	`+`
	`245`	`+ $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite, $partitioned));`
`242`	`246`	`}`
`243`	`247`
`244`	`248`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -136,6 +136,14 @@ public function testClearCookieSamesite()`
`136`	`136`	`$this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d M Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);`
`137`	`137`	`}`
`138`	`138`
	`139`	`+ public function testClearCookiePartitioned()`
	`140`	`+ {`
	`141`	`+ $bag = new ResponseHeaderBag([]);`
	`142`	`+`
	`143`	`+ $bag->clearCookie('foo', '/', null, true, false, 'none', true);`
	`144`	`+ $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d M Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none; partitioned', $bag);`
	`145`	`+ }`
	`146`	`+`
`139`	`147`	`public function testReplace()`
`140`	`148`	`{`
`141`	`149`	`$bag = new ResponseHeaderBag([]);`