diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
index a8e18632..fafd81b9 100644
--- a/.github/workflows/ci-test.yml
+++ b/.github/workflows/ci-test.yml
@@ -183,6 +183,7 @@ jobs:
 - cs-lint
 - test-mutant
 - test-leak
+ - test-mess-detector
 strategy:
 matrix:
 dockerCompose:
@@ -222,6 +223,7 @@ jobs:
 - cs-lint
 - test-mutant
 - test-leak
+ - test-mess-detector
 steps:
 - uses: actions/checkout@v3
 - run: mkdir -p /tmp/docker
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 381454a6..47140695 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add PHP Mess Detector, closes #114. - Set configuration framework.disallow_search_engine_index explicitly to false to disable the HTTP tag X-Robots-Tag, closes #123. +### Changed +- NGINX Unit strips all cookie headers from responses, closes #124. ## 0.0.28 - 2023-09-14 ### Added
diff --git a/docker/nginx-unit/unit.json b/docker/nginx-unit/unit.json
index 68c5c1f3..57854e9a 100755
--- a/docker/nginx-unit/unit.json
+++ b/docker/nginx-unit/unit.json
@@ -29,6 +29,9 @@
 "share": "/var/www/html/public$uri",
 "fallback": {
 "pass": "applications/symfony/index"
+ },
+ "response_headers": {
+ "Set-Cookie": null
 }
 }
 }
diff --git a/tests/ExampleGeneration/BaseRequestTestCase.php b/tests/ExampleGeneration/BaseRequestTestCase.php
index b772844b..29610d47 100644
--- a/tests/ExampleGeneration/BaseRequestTestCase.php
+++ b/tests/ExampleGeneration/BaseRequestTestCase.php
@@ -8,7 +8,7 @@ abstract class BaseRequestTestCase extends \App\Tests\FeatureTests\BaseRequestTe
 {
 private const IGNORED_HEADERS = ['Date', 'Location'];
- private const REMOVED_HEADERS = ['X-Debug-Token', 'X-Debug-Token-Link', 'Set-Cookie'];
+ private const REMOVED_HEADERS = ['X-Debug-Token', 'X-Debug-Token-Link'];
 public function getHeadersFromRequest(ResponseInterface $response): string
 {
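Review bot: `"Set-Cookie": null` in the new `response_headers` object of docker/nginx-unit/unit.json drops every cookie on this action unconditionally, so any later feature that depends on a session, CSRF or remember-me cookie will fail silently at the proxy while the Symfony application still generates the header. unit.json cannot carry a comment, so the reason should be recorded next to the config (README or the compose service), and if a stateless API is the goal the application should stop issuing cookies at the source rather than relying on the proxy alone. It is not visible from the hunk whether `response_headers` placed beside `share`/`fallback` also covers responses produced by the fallback `pass` to `applications/symfony/index`. That, and that the image ships a Unit release supporting `response_headers` (1.31.0 or later, as far as I know), is worth confirming with a request through the container that asserts the header is absent.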
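Review bot: With `'Set-Cookie'` gone from `REMOVED_HEADERS` in tests/ExampleGeneration/BaseRequestTestCase.php, nothing in the hunk explains why the header no longer needs filtering, and a cookie that does reach this test case would presumably be written into the generated examples, session identifier included. A comment above the constant would record the dependency, e.g. `// Set-Cookie is not listed: NGINX Unit strips it from every response (docker/nginx-unit/unit.json).` An explicit assertion that the response carries no `Set-Cookie` header would turn the proxy setting into a checked guarantee instead of an assumption. How `REMOVED_HEADERS` is applied is decided in `getHeadersFromRequest`, whose body lies outside the hunk.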