Add support of Mercure running on a subdomain

config/mercure.yaml

@@ -20,7 +20,8 @@ services:
         arguments:
             $tokenProvider: '@Pimcore\Bundle\StudioBackendBundle\Mercure\Service\ClientTokenService'
             $cookieLifetime: '%pimcore_studio_backend.mercure_settings.cookie_lifetime%'
-            $cookieSameSite: '%pimcore_studio_backend.mercure_settings.cookie_same_site%'
+            $jwt_cookie_strictness: '%pimcore_studio_backend.mercure_settings.jwt_cookie_strictness%'
+            $jwtCookieHost: '%pimcore_studio_backend.mercure_settings.jwt_cookie_host%'
 
     Pimcore\Bundle\StudioBackendBundle\Mercure\Service\Loader\TopicLoaderInterface:
         class: Pimcore\Bundle\StudioBackendBundle\Mercure\Service\Loader\TaggedIteratorAdapter

src/Asset/Schema/Type/Video.php

@@ -37,7 +37,7 @@ public function __construct(
             type: 'string',
             example: '/path/to/video/imagethumbnail.jpg'
         )]
-        private readonly?string $imageThumbnailPath,
+        private readonly ?string $imageThumbnailPath,
         bool $hasChildren,
         string $type,
         string $filename,

src/DependencyInjection/Configuration.php

@@ -24,7 +24,6 @@
 use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
-use Symfony\Component\HttpFoundation\Cookie;
 use function is_array;
 use function is_int;
 use function is_null;
@@ -48,12 +47,6 @@ class Configuration implements ConfigurationInterface
 
     private const string PERMISSION_ARRAY_VALUE_ERROR = 'Each permission value must be a boolean.';
 
-    private const array ALLOWED_COOKIE_SAME_SITE_VALUES = [
-        Cookie::SAMESITE_LAX,
-        Cookie::SAMESITE_NONE,
-        Cookie::SAMESITE_STRICT,
-    ];
-
     /**
      * {@inheritdoc}
      */
@@ -297,14 +290,13 @@ private function addMercureConfiguration(ArrayNodeDefinition $node): void
                         ->info('Lifetime of the mercure cookie in seconds. Default is one hour.')
                         ->defaultValue(3600)
                     ->end()
-                     ->enumNode('cookie_same_site')
-                        ->info('Same site setting for the mercure cookie. Default is "' .
-                            Cookie::SAMESITE_STRICT .'". ' .
-                            'Possible values are: ' .
-                            implode(',', self::ALLOWED_COOKIE_SAME_SITE_VALUES) .'".'
-                        )
-                        ->values(self::ALLOWED_COOKIE_SAME_SITE_VALUES)
-                        ->defaultValue(Cookie::SAMESITE_STRICT)
+                     ->scalarNode('jwt_cookie_host')
+                        ->info('Domain where to set the Mercure auth cookie, e.g. ".example.com".')
+                        ->defaultNull()
+                    ->end()
+                     ->booleanNode('jwt_cookie_strictness')
+                        ->info('If true, use SameSite=Strict; if false, use SameSite=None.')
+                        ->defaultTrue()
                     ->end()
                 ->end()
             ->end();

src/Mercure/Service/HubService.php

@@ -26,24 +26,34 @@ public function __construct(
         private TokenProviderInterface $tokenProvider,
         private UrlServiceInterface $urlService,
         private int $cookieLifetime = 3600,
-        private string $cookieSameSite = Cookie::SAMESITE_STRICT,
+        private bool $jwt_cookie_strictness = true,
+        private ?string $jwtCookieHost = null,
     ) {
     }
 
     public function createCookie(): Cookie
     {
         $urlParts = parse_url($this->urlService->getClientSideUrl());
 
+        $host = '';
+        if (!empty($this->jwtCookieHost)) {
+            $host = $this->jwtCookieHost;
+        }
+
+        if ($host === '' && isset($urlParts[Mercure::URL_HOST->value])) {
+            $host = $urlParts[Mercure::URL_HOST->value];
+        }
+
         return new Cookie(
             Mercure::AUTHORIZATION_COOKIE_NAME->value,
             $this->tokenProvider->getJwt(),
             time() + $this->cookieLifetime,
             $urlParts[Mercure::URL_PATH->value] ?? '/',
-            $urlParts[Mercure::URL_HOST->value] ?? '',
+            $host,
             $urlParts[Mercure::URL_SCHEME->value] === Mercure::URL_SCHEME_HTTPS->value,
             true,
             false,
-            $this->cookieSameSite
+            $this->jwt_cookie_strictness ? Cookie::SAMESITE_STRICT : Cookie::SAMESITE_NONE
         );
     }
 }