From e35b9218cf582fcbfbb31cc530d74c27d27607a3 Mon Sep 17 00:00:00 2001
From: Ismael Ambrosi
Date: Mon, 17 Dec 2018 10:07:32 -0300
Subject: [PATCH 1/4] Define all Cookie arguments explicitly

This adds support for Symfony 4.2, which deprecates not defining all the arguments as some of their default values are scheduled to change in Symfony 5.0.
---
 EventListener/AngularCsrfCookieListener.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/EventListener/AngularCsrfCookieListener.php b/EventListener/AngularCsrfCookieListener.php
index f24d34a..e491d09 100644
--- a/EventListener/AngularCsrfCookieListener.php
+++ b/EventListener/AngularCsrfCookieListener.php
@@ -102,7 +102,9 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->cookiePath,
 $this->cookieDomain,
 $this->cookieSecure,
- false
+ false /* httpOnly */,
+ false /* raw */,
+ null /* sameSite */
 ));
 }
 }

From 7ba32a1b107b47a0965a6c6bf370fbb6afd3771e Mon Sep 17 00:00:00 2001
From: Ismael Ambrosi
Date: Tue, 5 Feb 2019 18:02:08 -0300
Subject: [PATCH 2/4] Set Cookie $sameSite as `lax` instead of null

This is the default value as of Symfony 4.2, and makes cookies safer as they won't be sent along with cross-site requests. Also, added missing prediction when registering the cookie in the ResponseHeaderBag.
---
 EventListener/AngularCsrfCookieListener.php | 2 +-
 .../EventListener/AngularCsrfCookieListenerSpec.php | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/EventListener/AngularCsrfCookieListener.php b/EventListener/AngularCsrfCookieListener.php
index e491d09..e780f64 100644
--- a/EventListener/AngularCsrfCookieListener.php
+++ b/EventListener/AngularCsrfCookieListener.php
@@ -104,7 +104,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->cookieSecure,
 false /* httpOnly */,
 false /* raw */,
- null /* sameSite */
+ Cookie::SAMESITE_LAX
 ));
 }
 }
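Review bot: `Cookie::SAMESITE_LAX` is the only cookie attribute hard-coded in this constructor call, while `path`, `domain` and `secure` are read from injected `$this->cookie*` properties; a `$this->cookieSameSite` property defaulting to `Cookie::SAMESITE_LAX` would keep the new default while letting a deployment choose a stricter policy through the same configuration path as the other attributes. The `false /* httpOnly */` argument is deliberate for this listener (presumably the browser-side script reads this cookie to echo the token back in a request header), and that intent deserves a comment so a later hardening pass does not flip it to `true` and silently break token delivery, e.g. `// httpOnly stays false on purpose: the client script must be able to read this cookie to send the token back`. The `Cookie::SAMESITE_*` constants only exist from Symfony 3.3 on, as far as I recall, so the bundle's composer constraint should rule out older versions if it does not already. `onKernelResponse` starts outside the hunk, so the `Cookie` import and the `new Cookie(` call are assumed to be in place there.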
diff --git a/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php b/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
index c1f0982..e45d8ea 100644
--- a/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
+++ b/spec/Dunglas/AngularCsrfBundle/EventListener/AngularCsrfCookieListenerSpec.php
@@ -79,7 +79,10 @@ public function it_sets_cookie_when_it_does(
 Response $response,
 ResponseHeaderBag $headers
 ) {
- $headers->setCookie(Argument::type('Symfony\Component\HttpFoundation\Cookie'));
+ $headers->setCookie(Argument::allOf(
+ Argument::type('Symfony\Component\HttpFoundation\Cookie'),
+ Argument::which('getSameSite', 'lax')
+ ))->shouldBeCalled();
 $response->headers = $headers;
 $event->getRequestType()->willReturn(HttpKernelInterface::MASTER_REQUEST)->shouldBeCalled();

From f22250f3188e837294c73a9012b7f08039c8942b Mon Sep 17 00:00:00 2001
From: Ismael Ambrosi
Date: Wed, 24 Apr 2019 11:15:01 -0300
Subject: [PATCH 3/4] Define PHP version in cinst instruction

This ensures appveyor uses PHP 7.2 and not a default version(currently 7.3)
---
 appveyor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/appveyor.yml b/appveyor.yml
index 72d34b8..aee87de 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -10,7 +10,7 @@ init:
 install:
 - ps: Set-Service wuauserv -StartupType Manual
- - cinst -y php
+ - cinst -y php --version 7.2.17
 - cd c:\tools\php72
 - copy php.ini-production php.ini /Y
 - echo date.timezone="UTC" >> php.ini

From 2253796d5102b812fb93647801d9752359ea0f13 Mon Sep 17 00:00:00 2001
From: Ismael Ambrosi
Date: Wed, 24 Apr 2019 11:41:53 -0300
Subject: [PATCH 4/4] Fixed tests after new method call in Symfony 4.2.6 and 3.4.25

---
 .../DependencyInjection/DunglasAngularCsrfExtensionSpec.php | 5 +++++
 1 file changed, 5 insertions(+)

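Review bot: The new expectation pins `getSameSite` to `'lax'` but none of the other security-relevant attributes passed to the same constructor, so a regression that flips `httpOnly` or `secure` would still pass this spec. Adding `Argument::which('isHttpOnly', false)` — and a matching `isSecure` check against whatever value the spec configures for the secure flag — inside the same `Argument::allOf(...)` would pin the deliberate choice that this cookie stays readable by the client script. `it_sets_cookie_when_it_does` starts outside the hunk, so I cannot see how `$cookieSecure` is set up for this example.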
diff --git a/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php b/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
index a2a93ca..db15726 100644
--- a/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
+++ b/spec/Dunglas/AngularCsrfBundle/DependencyInjection/DunglasAngularCsrfExtensionSpec.php
@@ -60,6 +60,11 @@ public function it_loads(ContainerBuilder $container, ParameterBagInterface $par
 $container->addResource(Argument::type('Symfony\Component\Config\Resource\FileResource'))->shouldBeCalled();
 }
+ if (method_exists('Symfony\Component\DependencyInjection\ContainerBuilder', 'addRemovedBindingIds')) {
+ // Added in Symfony v4.2.6 and v3.4.25
+ $container->addRemovedBindingIds(Argument::type('string'))->willReturn(null);
+ }
+
 $container->getParameterBag()->willReturn($parameterBag)->shouldBeCalled();
 $container->hasExtension('http://symfony.com/schema/dic/services')->willReturn(false)->shouldBeCalled();
 $container->setParameter('dunglas_angular_csrf.token.id', $configs['dunglas_angular_csrf']['token']['id'])->shouldBeCalled();
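Review bot: The guard names the class as a string literal although `ContainerBuilder` is already type-hinted (and so resolvable) in the `it_loads` signature; `if (method_exists(ContainerBuilder::class, 'addRemovedBindingIds')) {` keeps the check refactor-safe and consistent with the type hint. Stubbing with `willReturn(null)` and no `shouldBeCalled()` is appropriate here, since the call only occurs on Symfony versions that define the method, and the inline comment records why. `it_loads` continues outside the hunk.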