[FEATURE] Only set cookies for HTTP Responses in PSR-15 middlewares
In previous TYPO3 versions, AbstractUserAuthentication emitted cookies directly via header() or setcookie() methods. In order to have a better testing scenario, this change builds Cookie objects and keeps them until a PSR-15 middleware asks to apply the cookie information to a PSR-7 Response. This also makes it possible to manipulate the authentication cookies in Middlewares. AbstractUserAuthentication does not actually "remove" or "set" a cookie but rather keeps the information for setting a cookie. Resolves: #93011 Releases: master Change-Id: Iaec0007a1347676bc3ba570b4b5a1da63d58d7e6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67032 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Showing
- Build/Scripts/duplicateExceptionCodeCheck.sh 1 addition, 0 deletionsBuild/Scripts/duplicateExceptionCodeCheck.sh
- typo3/sysext/backend/Classes/Middleware/BackendUserAuthenticator.php 42 additions, 14 deletions...t/backend/Classes/Middleware/BackendUserAuthenticator.php
- typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php 35 additions, 16 deletions...ore/Classes/Authentication/AbstractUserAuthentication.php
- typo3/sysext/core/Documentation/Changelog/master/Feature-93011-Authentication-relatedCookiesAreAttachedToPSR-7Responses.rst 31 additions, 0 deletions...hentication-relatedCookiesAreAttachedToPSR-7Responses.rst
- typo3/sysext/frontend/Classes/Middleware/FrontendUserAuthenticator.php 1 addition, 0 deletions...frontend/Classes/Middleware/FrontendUserAuthenticator.php
Please register or sign in to comment