Exposed Symfony-Session-NoAutoCacheControl header when sessions are disabled

The UserContextListener sets the Symfony-Session-NoAutoCacheControl header. But if a project does not even use sessions and disabled it, then the \Symfony\Component\HttpKernel\EventListener\SessionListener is not active. And thus also does not remove this header again. So FOSHttpCacheBundle should not set this header when sessions are not enabled in

FOSHttpCacheBundle/src/EventListener/UserContextListener.php

Line 151 in eacce6e

     $response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 1);  
 

and

FOSHttpCacheBundle/src/EventListener/UserContextListener.php

Line 215 in eacce6e

     $response->headers->set(AbstractSessionListener::NO_AUTO_CACHE_CONTROL_HEADER, 1);  
 

Otherwise it exposes this header to the outside.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Exposed Symfony-Session-NoAutoCacheControl header when sessions are disabled #512

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Exposed Symfony-Session-NoAutoCacheControl header when sessions are disabled #512

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions