[HttpFoundation] Fix clearing CHIPS cookies

misaert · nicolas-grekas · commit 6a848e17eede · 2024-02-01T09:38:14.000+01:00
diff --git a/EventListener/CookieClearingLogoutListener.php b/EventListener/CookieClearingLogoutListener.php
@@ -40,7 +40,7 @@ public function onLogout(LogoutEvent $event): void
         }
 
         foreach ($this->cookies as $cookieName => $cookieData) {
-            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null);
+            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null, $cookieData['partitioned'] ?? false);
         }
     }
 
diff --git a/Tests/EventListener/CookieClearingLogoutListenerTest.php b/Tests/EventListener/CookieClearingLogoutListenerTest.php
@@ -27,7 +27,7 @@ public function testLogout()
         $event = new LogoutEvent(new Request(), null);
         $event->setResponse($response);
 
-        $listener = new CookieClearingLogoutListener(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT], 'foo2' => ['path' => null, 'domain' => null]]);
+        $listener = new CookieClearingLogoutListener(['foo' => ['path' => '/foo', 'domain' => 'foo.foo', 'secure' => true, 'samesite' => Cookie::SAMESITE_STRICT, 'partitioned' => true], 'foo2' => ['path' => null, 'domain' => null]]);
 
         $cookies = $response->headers->getCookies();
         $this->assertCount(0, $cookies);
@@ -43,6 +43,7 @@ public function testLogout()
         $this->assertEquals('foo.foo', $cookie->getDomain());
         $this->assertEquals(Cookie::SAMESITE_STRICT, $cookie->getSameSite());
         $this->assertTrue($cookie->isSecure());
+        $this->assertTrue($cookie->isPartitioned());
         $this->assertTrue($cookie->isCleared());
 
         $cookie = $cookies['']['/']['foo2'];
@@ -51,6 +52,7 @@ public function testLogout()
         $this->assertNull($cookie->getDomain());
         $this->assertNull($cookie->getSameSite());
         $this->assertFalse($cookie->isSecure());
+        $this->assertFalse($cookie->isPartitioned());
         $this->assertTrue($cookie->isCleared());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ public function onLogout(LogoutEvent $event): void`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`foreach ($this->cookies as $cookieName => $cookieData) {`
`43`		`- $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null);`
	`43`	`+ $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain'], $cookieData['secure'] ?? false, true, $cookieData['samesite'] ?? null, $cookieData['partitioned'] ?? false);`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`