From 8d60402a6857d9bc4afd69a9ff5b16a079e680bf Mon Sep 17 00:00:00 2001
From: Aina Sitraka <35221835+aynsix@users.noreply.github.com>
Date: Wed, 12 Jul 2023 12:14:09 +0300
Subject: [PATCH] secure locale cookie (#4333)
---
 lib/Alchemy/Phrasea/Controller/Root/RootController.php | 2 +-
 .../Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/Alchemy/Phrasea/Controller/Root/RootController.php b/lib/Alchemy/Phrasea/Controller/Root/RootController.php
index f842827b0f..8a11b8b31d 100644
--- a/lib/Alchemy/Phrasea/Controller/Root/RootController.php
+++ b/lib/Alchemy/Phrasea/Controller/Root/RootController.php
@@ -37,7 +37,7 @@ public function getRoot()
 public function setLocale($locale)
 {
 $response = $this->app->redirectPath('root');
- $response->headers->setCookie(new Cookie('locale', $locale));
+ $response->headers->setCookie(new Cookie('locale', $locale, 0, '/', null, true, false));
 $authenticatedUser = $this->getAuthenticatedUser();
diff --git a/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php b/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php
index 9eeea98fea..42e84c52cb 100644
--- a/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php
+++ b/lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php
@@ -81,7 +81,7 @@ public function addLocaleCookie(FilterResponseEvent $event)
 $cookies = $event->getRequest()->cookies;
 if (isset($this->locale) && (false === $cookies->has('locale') || $cookies->get('locale') !== $this->locale)) {
- $event->getResponse()->headers->setCookie(new Cookie('locale', $this->locale, 0, '/', null, false, false));
+ $event->getResponse()->headers->setCookie(new Cookie('locale', $this->locale, 0, '/', null, true, false));
 }
 }
 }
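Review bot: The new `Cookie` call in `setLocale` passes `false` as the seventh argument, which in Symfony's `Cookie` constructor is `$httpOnly`; the removed two-argument call relied on that parameter's default of `true`, so this line drops the HttpOnly attribute at the same time as it adds Secure. If no client-side script needs to read the locale cookie, keep the attribute with `new Cookie('locale', $locale, 0, '/', null, true, true)`. If a script does read it (the subscriber's cookie already used `false`), a short comment such as `// httpOnly=false: locale cookie is read by client-side code` would record that the change is intended. The body of `setLocale` continues past the end of the hunk, so how `$locale` is validated is not visible here.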
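Review bot: Hard-coding `true` for the `$secure` argument in `addLocaleCookie` means that, if the application is still expected to run over plain HTTP anywhere, the browser will not store or return the cookie, so `$cookies->has('locale')` stays false and this branch re-emits the header on every response while the chosen locale is never remembered. Deriving the flag from the request keeps Secure on HTTPS without breaking HTTP installs: `new Cookie('locale', $this->locale, 0, '/', null, $event->getRequest()->isSecure(), false)`. Behind a TLS-terminating proxy `isSecure()` is only accurate when trusted proxies are configured, which cannot be confirmed from this diff. The same hard-coded `true` appears in `RootController::setLocale` in the first hunk.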