Add case-insensitive validation of SameSite

paulbalandan · paulbalandan · commit 1a13e4d202f8 · 2025-05-21T01:24:03.000+08:00
diff --git a/system/Cookie/Cookie.php b/system/Cookie/Cookie.php
@@ -766,11 +766,11 @@ protected function validateSameSite(string $samesite, bool $secure): void
             $samesite = self::SAMESITE_LAX;
         }
 
-        if (! in_array($samesite, self::ALLOWED_SAMESITE_VALUES, true)) {
+        if (! in_array(ucfirst(strtolower($samesite)), self::ALLOWED_SAMESITE_VALUES, true)) {
             throw CookieException::forInvalidSameSite($samesite);
         }
 
-        if ($samesite === self::SAMESITE_NONE && ! $secure) {
+        if (ucfirst(strtolower($samesite)) === self::SAMESITE_NONE && ! $secure) {
             throw CookieException::forInvalidSameSiteNone();
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -766,11 +766,11 @@ protected function validateSameSite(string $samesite, bool $secure): void`
`766`	`766`	`$samesite = self::SAMESITE_LAX;`
`767`	`767`	`}`
`768`	`768`
`769`		`- if (! in_array($samesite, self::ALLOWED_SAMESITE_VALUES, true)) {`
	`769`	`+ if (! in_array(ucfirst(strtolower($samesite)), self::ALLOWED_SAMESITE_VALUES, true)) {`
`770`	`770`	`throw CookieException::forInvalidSameSite($samesite);`
`771`	`771`	`}`
`772`	`772`
`773`		`- if ($samesite === self::SAMESITE_NONE && ! $secure) {`
	`773`	`+ if (ucfirst(strtolower($samesite)) === self::SAMESITE_NONE && ! $secure) {`
`774`	`774`	`throw CookieException::forInvalidSameSiteNone();`
`775`	`775`	`}`
`776`	`776`	`}`