From b53578c3c3d2afaa12933471ae21481703290f5d Mon Sep 17 00:00:00 2001 From: Vincent ROBERT Date: Tue, 23 Sep 2025 09:42:46 +0200 Subject: [PATCH 1/6] Add support of Mercure running on a subdomain --- config/mercure.yaml | 3 ++- src/DependencyInjection/Configuration.php | 15 +++++++-------- src/Mercure/Service/HubService.php | 16 +++++++++++++--- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/config/mercure.yaml b/config/mercure.yaml index 47965eb4c..ff30c8951 100644 --- a/config/mercure.yaml +++ b/config/mercure.yaml @@ -20,7 +20,8 @@ services: arguments: $tokenProvider: '@Pimcore\Bundle\StudioBackendBundle\Mercure\Service\ClientTokenService' $cookieLifetime: '%pimcore_studio_backend.mercure_settings.cookie_lifetime%' - $cookieSameSite: '%pimcore_studio_backend.mercure_settings.cookie_same_site%' + $jwt_cookie_strictness: '%pimcore_studio_backend.mercure_settings.jwt_cookie_strictness%' + $jwtCookieHost: '%pimcore_studio_backend.mercure_settings.jwt_cookie_host%' Pimcore\Bundle\StudioBackendBundle\Mercure\Service\Loader\TopicLoaderInterface: class: Pimcore\Bundle\StudioBackendBundle\Mercure\Service\Loader\TaggedIteratorAdapter diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php index d3f93e4fc..a02b23269 100644 --- a/src/DependencyInjection/Configuration.php +++ b/src/DependencyInjection/Configuration.php @@ -297,14 +297,13 @@ private function addMercureConfiguration(ArrayNodeDefinition $node): void ->info('Lifetime of the mercure cookie in seconds. Default is one hour.') ->defaultValue(3600) ->end() - ->enumNode('cookie_same_site') - ->info('Same site setting for the mercure cookie. Default is "' . - Cookie::SAMESITE_STRICT .'". ' . - 'Possible values are: ' . - implode(',', self::ALLOWED_COOKIE_SAME_SITE_VALUES) .'".' - ) - ->values(self::ALLOWED_COOKIE_SAME_SITE_VALUES) - ->defaultValue(Cookie::SAMESITE_STRICT) + ->scalarNode('jwt_cookie_host') + ->info('Domain where to set the Mercure auth cookie, e.g. ".example.com".') + ->defaultNull() + ->end() + ->booleanNode('jwt_cookie_strictness') + ->info('If true, use SameSite=Strict; if false, use SameSite=None.') + ->defaultTrue() ->end() ->end() ->end(); diff --git a/src/Mercure/Service/HubService.php b/src/Mercure/Service/HubService.php index 8f43cc89e..43634d324 100644 --- a/src/Mercure/Service/HubService.php +++ b/src/Mercure/Service/HubService.php @@ -26,7 +26,8 @@ public function __construct( private TokenProviderInterface $tokenProvider, private UrlServiceInterface $urlService, private int $cookieLifetime = 3600, - private string $cookieSameSite = Cookie::SAMESITE_STRICT, + private bool $jwt_cookie_strictness = true, + private ?string $jwtCookieHost = null, ) { } @@ -34,16 +35,25 @@ public function createCookie(): Cookie { $urlParts = parse_url($this->urlService->getClientSideUrl()); + if (!empty($this->jwtCookieHost)) { + $host = $this->jwtCookieHost; + } + elseif (isset($urlParts[Mercure::URL_HOST->value])) { + $host = $urlParts[Mercure::URL_HOST->value]; + } else { + $host = ''; + } + return new Cookie( Mercure::AUTHORIZATION_COOKIE_NAME->value, $this->tokenProvider->getJwt(), time() + $this->cookieLifetime, $urlParts[Mercure::URL_PATH->value] ?? '/', - $urlParts[Mercure::URL_HOST->value] ?? '', + $host, $urlParts[Mercure::URL_SCHEME->value] === Mercure::URL_SCHEME_HTTPS->value, true, false, - $this->cookieSameSite + $this->jwt_cookie_strictness ? Cookie::SAMESITE_STRICT : Cookie::SAMESITE_NONE ); } } From a9b73d3e5e8a1cd01bb604b3215e72edf0302694 Mon Sep 17 00:00:00 2001 From: vrobert78 <15088490+vrobert78@users.noreply.github.com> Date: Tue, 23 Sep 2025 07:45:22 +0000 Subject: [PATCH 2/6] Apply php-cs-fixer changes --- src/Asset/Schema/Type/Video.php | 2 +- src/Mercure/Service/HubService.php | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Asset/Schema/Type/Video.php b/src/Asset/Schema/Type/Video.php index 3065e5062..1bfce01c9 100644 --- a/src/Asset/Schema/Type/Video.php +++ b/src/Asset/Schema/Type/Video.php @@ -37,7 +37,7 @@ public function __construct( type: 'string', example: '/path/to/video/imagethumbnail.jpg' )] - private readonly?string $imageThumbnailPath, + private readonly ?string $imageThumbnailPath, bool $hasChildren, string $type, string $filename, diff --git a/src/Mercure/Service/HubService.php b/src/Mercure/Service/HubService.php index 43634d324..98fa25ae4 100644 --- a/src/Mercure/Service/HubService.php +++ b/src/Mercure/Service/HubService.php @@ -37,8 +37,7 @@ public function createCookie(): Cookie if (!empty($this->jwtCookieHost)) { $host = $this->jwtCookieHost; - } - elseif (isset($urlParts[Mercure::URL_HOST->value])) { + } elseif (isset($urlParts[Mercure::URL_HOST->value])) { $host = $urlParts[Mercure::URL_HOST->value]; } else { $host = ''; From 623e3a957f6370361e9bdd436ad57dd34b3ad28a Mon Sep 17 00:00:00 2001 From: Vincent ROBERT Date: Tue, 23 Sep 2025 09:53:20 +0200 Subject: [PATCH 3/6] remove no longer needed const --- src/DependencyInjection/Configuration.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php index a02b23269..9f86e1651 100644 --- a/src/DependencyInjection/Configuration.php +++ b/src/DependencyInjection/Configuration.php @@ -48,12 +48,6 @@ class Configuration implements ConfigurationInterface private const string PERMISSION_ARRAY_VALUE_ERROR = 'Each permission value must be a boolean.'; - private const array ALLOWED_COOKIE_SAME_SITE_VALUES = [ - Cookie::SAMESITE_LAX, - Cookie::SAMESITE_NONE, - Cookie::SAMESITE_STRICT, - ]; - /** * {@inheritdoc} */ From 6b147af456987142e7a244fbd0d33662f69d5ba6 Mon Sep 17 00:00:00 2001 From: vrobert78 <15088490+vrobert78@users.noreply.github.com> Date: Tue, 23 Sep 2025 07:54:03 +0000 Subject: [PATCH 4/6] Apply php-cs-fixer changes --- src/DependencyInjection/Configuration.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php index 9f86e1651..143008f6b 100644 --- a/src/DependencyInjection/Configuration.php +++ b/src/DependencyInjection/Configuration.php @@ -24,7 +24,6 @@ use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition; use Symfony\Component\Config\Definition\Builder\TreeBuilder; use Symfony\Component\Config\Definition\ConfigurationInterface; -use Symfony\Component\HttpFoundation\Cookie; use function is_array; use function is_int; use function is_null; From d2bb9eefbbcb62af83332b8f1d1a6cd054f80474 Mon Sep 17 00:00:00 2001 From: Vincent ROBERT Date: Tue, 23 Sep 2025 10:32:20 +0200 Subject: [PATCH 5/6] Update src/Mercure/Service/HubService.php Co-authored-by: Martin Eiber --- src/Mercure/Service/HubService.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Mercure/Service/HubService.php b/src/Mercure/Service/HubService.php index 98fa25ae4..32789a0ae 100644 --- a/src/Mercure/Service/HubService.php +++ b/src/Mercure/Service/HubService.php @@ -35,12 +35,13 @@ public function createCookie(): Cookie { $urlParts = parse_url($this->urlService->getClientSideUrl()); + $host = ''; if (!empty($this->jwtCookieHost)) { $host = $this->jwtCookieHost; - } elseif (isset($urlParts[Mercure::URL_HOST->value])) { + } + + if ($host === '' && isset($urlParts[Mercure::URL_HOST->value])) { $host = $urlParts[Mercure::URL_HOST->value]; - } else { - $host = ''; } return new Cookie( From 63cecfd8b1d2b766ee8064e388a6bee835c26a41 Mon Sep 17 00:00:00 2001 From: vrobert78 <15088490+vrobert78@users.noreply.github.com> Date: Tue, 23 Sep 2025 08:32:54 +0000 Subject: [PATCH 6/6] Apply php-cs-fixer changes --- src/Mercure/Service/HubService.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Mercure/Service/HubService.php b/src/Mercure/Service/HubService.php index 32789a0ae..826eed7a6 100644 --- a/src/Mercure/Service/HubService.php +++ b/src/Mercure/Service/HubService.php @@ -39,7 +39,7 @@ public function createCookie(): Cookie if (!empty($this->jwtCookieHost)) { $host = $this->jwtCookieHost; } - + if ($host === '' && isset($urlParts[Mercure::URL_HOST->value])) { $host = $urlParts[Mercure::URL_HOST->value]; }