secure locale cookie (#4333)

alchemy-fr · Jul 12, 2023 · 8d60402 · 8d60402
1 parent 12851c1
commit 8d60402
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/Alchemy/Phrasea/Controller/Root/RootController.php b/lib/Alchemy/Phrasea/Controller/Root/RootController.php
@@ -37,7 +37,7 @@ public function getRoot()
     public function setLocale($locale)
     {
         $response = $this->app->redirectPath('root');
-        $response->headers->setCookie(new Cookie('locale', $locale));
+        $response->headers->setCookie(new Cookie('locale', $locale, 0, '/', null, true, false));
 
         $authenticatedUser = $this->getAuthenticatedUser();
 

diff --git a/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php b/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php
@@ -81,7 +81,7 @@ public function addLocaleCookie(FilterResponseEvent $event)
         $cookies = $event->getRequest()->cookies;
 
         if (isset($this->locale) && (false === $cookies->has('locale') || $cookies->get('locale') !== $this->locale)) {
-            $event->getResponse()->headers->setCookie(new Cookie('locale', $this->locale, 0,  '/',  null, false, false));
+            $event->getResponse()->headers->setCookie(new Cookie('locale', $this->locale, 0,  '/',  null, true, false));
         }
     }
 }