HttpExtension: added option secureCookies

Author: dg

src/Bridges/HttpDI/HttpExtension.php

@@ -27,6 +27,7 @@ class HttpExtension extends Nette\DI\CompilerExtension
 		'csp' => [], // Content-Security-Policy
 		'cspReport' => [], // Content-Security-Policy-Report-Only
 		'featurePolicy' => [], // Feature-Policy
+		'secureCookies' => null,
 	];
 
 	/** @var bool */
@@ -52,10 +53,14 @@ public function loadConfiguration()
 			->setFactory('@Nette\Http\RequestFactory::createHttpRequest')
 			->setClass(Nette\Http\IRequest::class);
 
-		$builder->addDefinition($this->prefix('response'))
+		$response = $builder->addDefinition($this->prefix('response'))
 			->setFactory(Nette\Http\Response::class)
 			->setClass(Nette\Http\IResponse::class);
 
+		if (!empty($config['secureCookies'])) {
+			$response->addSetup('$cookieSecure', [true]);
+		}
+
 		if ($this->name === 'http') {
 			$builder->addAlias('nette.httpRequestFactory', $this->prefix('requestFactory'));
 			$builder->addAlias('httpRequest', $this->prefix('request'));

tests/Http.DI/HttpExtension.secureCookies.phpt

@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * Test: SessionExtension.
+ */
+
+declare(strict_types=1);
+
+use Nette\Bridges\HttpDI\HttpExtension;
+use Nette\Bridges\HttpDI\SessionExtension;
+use Nette\DI;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+$compiler = new DI\Compiler;
+$compiler->addExtension('http', new HttpExtension);
+$compiler->addExtension('session', new SessionExtension(false, PHP_SAPI === 'cli'));
+
+$loader = new DI\Config\Loader;
+$config = $loader->load(Tester\FileMock::create('
+http:
+	secureCookies: yes
+', 'neon'));
+
+eval($compiler->addConfig($config)->compile());
+
+$container = new Container;
+
+Assert::true($container->getService('http.response')->cookieSecure);
+Assert::true($container->getService('session.session')->getOptions()['cookie_secure']);