NGINX Unit strips all cookie headers from responses, closes #124.

.github/workflows/ci-test.yml

@@ -183,6 +183,7 @@ jobs:
       - cs-lint
       - test-mutant
       - test-leak
+      - test-mess-detector
     strategy:
       matrix:
         dockerCompose:
@@ -222,6 +223,7 @@ jobs:
       - cs-lint
       - test-mutant
       - test-leak
+      - test-mess-detector
     steps:
       - uses: actions/checkout@v3
       - run: mkdir -p /tmp/docker

CHANGELOG.md

@@ -13,6 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add PHP Mess Detector, closes #114.
 - Set configuration framework.disallow_search_engine_index explicitly to false to disable the HTTP tag X-Robots-Tag,
   closes #123.
+### Changed
+- NGINX Unit strips all cookie headers from responses, closes #124.
 
 ## 0.0.28 - 2023-09-14
 ### Added

docker/nginx-unit/unit.json

@@ -29,6 +29,9 @@
                 "share": "/var/www/html/public$uri",
                 "fallback": {
                     "pass": "applications/symfony/index"
+                },
+                "response_headers": {
+                    "Set-Cookie": null
                 }
             }
         }

tests/ExampleGeneration/BaseRequestTestCase.php

@@ -8,7 +8,7 @@ abstract class BaseRequestTestCase extends \App\Tests\FeatureTests\BaseRequestTe
 {
     private const IGNORED_HEADERS = ['Date', 'Location'];
 
-    private const REMOVED_HEADERS = ['X-Debug-Token', 'X-Debug-Token-Link', 'Set-Cookie'];
+    private const REMOVED_HEADERS = ['X-Debug-Token', 'X-Debug-Token-Link'];
 
     public function getHeadersFromRequest(ResponseInterface $response): string
     {