New in Symfony 3.2: HttpFoundation improvements
Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.
A new cookie attribute called same-site allows applications to disable third-party usage for any cookie. This helps protect users against CSRF attacks, because without the cookies, attackers can't see you logged in to the websites
In Symfony 3.2, the Cookie class constructor added a ninth argument called $sameSite that can take any of the values defined in the
use Symfony\Component\HttpFoundation\Cookie;

// "..." stands for the first eight constructor arguments; $sameSite is the ninth.
$cookie = new Cookie(..., Cookie::SAMESITE_LAX);
The strict mode prevents any cross-site usage for the cookie. In the lax mode, some top-level GET requests are allowed, such as clicking on a link to another website or submitting a form with the GET method.
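The following is an added example, not code from the original post or from Symfony: it sets cookies with and without the ninth $sameSite argument and then audits the response for cookies that lack the same-site, secure or HTTP-only attributes. It assumes symfony/http-foundation 3.2 or later is installed through Composer; the auditCookies() helper and the cookie names and values are hypothetical.

```php
<?php
// Added example. Assumes symfony/http-foundation (3.2 or later) is installed
// through Composer in the current directory.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Response;

/**
 * Hypothetical helper: returns one finding per missing protective attribute
 * for every cookie queued on the response.
 */
function auditCookies(Response $response)
{
    $findings = array();
    foreach ($response->headers->getCookies() as $cookie) {
        if (null === $cookie->getSameSite()) {
            $findings[] = $cookie->getName().': no same-site attribute';
        }
        if (!$cookie->isSecure()) {
            $findings[] = $cookie->getName().': not restricted to HTTPS';
        }
        if (!$cookie->isHttpOnly()) {
            $findings[] = $cookie->getName().': readable from JavaScript';
        }
    }

    return $findings;
}

$response = new Response('ok');

// Constructed sample cookies. Argument order: name, value, expire, path,
// domain, secure, httpOnly, raw, sameSite (the ninth argument).
$response->headers->setCookie(
    new Cookie('session', 'constructed-value', 0, '/', null, true, true, false, Cookie::SAMESITE_LAX)
);
$response->headers->setCookie(
    new Cookie('legacy_pref', 'dark', 0, '/', null, false, false, false, null)
);

// Only the second cookie is reported; the first one carries all three attributes.
foreach (auditCookies($response) as $finding) {
    echo $finding, PHP_EOL;
}
```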
Previously, if you performed a
301 permanent redirect and didn't set a cache
no-cache header was added by Symfony. In Symfony 3.2 this
behavior has changed and now
301 redirects don't add the
automatically, but they maintain it if you set it explicitly.
Symfony 3.2 also fixes another inconsistency related to cache headers. When the
no-cache header is present, Symfony now also adds the
so the response contains
no-cache, private instead of just
HTTP safe methods are those that just retrieve resources but don't modify,
delete or create them (only
HEAD methods are considered safe).
Request class includes an isMethodSafe() method to check whether the given HTTP method is considered safe or not.
HTTP idempotent methods are those that can be used in a sequence of several requests and get the same result without any other side-effect. For example, PUT is idempotent because after two identical requests the resource still has the same state (it's always replaced), but POST is not idempotent because after two identical requests you will end up with two resources that have the same content.
In Symfony 3.2 we added a new method called isMethodIdempotent() to check whether the given HTTP method is idempotent or not.