[9.x] Allow VerifyCsrfToken's CSRF cookie to be extended (#41342)

* Move the cookie to its own method * Fix types * CS fixes * formatting Co-authored-by: Taylor Otwell <[email protected]>
laravel · Mar 4, 2022 · 101cd01 · 101cd01
1 parent 50b46db
commit 101cd01
Showing 1 changed file with 23 additions and 6 deletions.
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -188,16 +188,33 @@ protected function addCookieToResponse($request, $response)
             $response = $response->toResponse($request);
         }
 
-        $response->headers->setCookie(
-            new Cookie(
-                'XSRF-TOKEN', $request->session()->token(), $this->availableAt(60 * $config['lifetime']),
-                $config['path'], $config['domain'], $config['secure'], false, false, $config['same_site'] ?? null
-            )
-        );
+        $response->headers->setCookie($this->newCookie($request, $config));
 
         return $response;
     }
 
+    /**
+     * Create a new "XSRF-TOKEN" cookie that contains the CSRF token.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  array  $config
+     * @return \Symfony\Component\HttpFoundation\Cookie
+     */
+    protected function newCookie($request, $config)
+    {
+        return new Cookie(
+            'XSRF-TOKEN',
+            $request->session()->token(),
+            $this->availableAt(60 * $config['lifetime']),
+            $config['path'],
+            $config['domain'],
+            $config['secure'],
+            false,
+            false,
+            $config['same_site'] ?? null
+        );
+    }
+
     /**
      * Determine if the cookie contents should be serialized.
      *