search

symfony / mercure

The Mercure Component allows to easily push updates to web browsers and other HTTP clients using the Mercure protocol.
https://symfony.com/doc/current/components/mercure.html
MIT License
413 stars 39 forks source link

Feature: Authorization cookie sameSite would be nice to be configurable #92

Closed silverbackdan closed 1 year ago

silverbackdan commented 1 year ago

Something like this:

mercure:
    hubs:
        default:
            url: '%env(MERCURE_URL)%'
            public_url: '%env(MERCURE_PUBLIC_URL)%'
            jwt:
              secret: '%env(MERCURE_JWT_SECRET)%'
              publish: '*'
              cookie: 
                  lifetime: xxx # this is currently default_cookie_lifetime
                  sameSite: '%env(MERCURE_JWT_SAMESITE)%'

Or perhaps an argument in Authorization::createCookie method

But then, we would probably want in the clearCookie method too. So probably nice to work in the same way that the cookie lifetime is configurable from the consturctor.

Perhaps a little rework of where to define cookie variables so that they are in the same place too?

Thoughts?