src/Subscriber/PunchoutCookiePolicySubscriber.php line 35

Open in your IDE?
  1. <?php
  2. declare(strict_types=1);
  4. namespace App\Subscriber;
  6. use App\Store\StoreContext;
  7. use Psr\Log\LoggerInterface;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  10. use Symfony\Component\HttpKernel\KernelEvents;
  12. /**
  13. * @see config/packages/framework.yaml
  14. */
  15. class PunchoutCookiePolicySubscriber implements EventSubscriberInterface
  16. {
  17. private StoreContext $storeContext;
  18. private LoggerInterface $logger;
  20. public function __construct(StoreContext $storeContext, LoggerInterface $logger)
  21. {
  22. $this->storeContext = $storeContext;
  23. $this->logger = $logger;
  24. }
  26. public static function getSubscribedEvents(): array
  27. {
  28. // run after Symfony\Component\HttpKernel\EventListener\SessionListener::onKernelResponse()
  29. return [KernelEvents::RESPONSE => ['onKernelResponse', -1001]];
  30. }
  32. /**
  33. * Change cookie samesite=lax to samesite=none for punchout store requests
  34. */
  35. public function onKernelResponse(ResponseEvent $event): void
  36. {
  37. if (!$this->storeContext->isPunchoutStore()) {
  38. return;
  39. }
  41. $response = $event->getResponse();
  42. $cookieList = $response->headers->getCookies();
  44. foreach ($cookieList as $cookie) {
  45. $name = $cookie->getName();
  46. if ($name !== 'PHPSESSID') {
  47. continue;
  48. }
  50. $updatedCookie = $cookie->withSameSite('none');
  51. $response->headers->setCookie($updatedCookie);
  53. if (!$event->getRequest()->isSecure()) {
  54. $this->logger->error('Cookie PHPSESSID is ignored by browser, due to browser security with settings samesite=none and non-https connection.');
  55. }
  56. }
  57. }
  58. }