From 1cba475b130243bae3fa0a7a8e91e027e420025b Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
Date: Sat, 17 May 2025 22:13:25 +0800
Subject: [PATCH 1/5] fix: ucfirst all cookie samesite values
---
 system/Cookie/Cookie.php | 4 ++--
 system/Cookie/CookieInterface.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/system/Cookie/Cookie.php b/system/Cookie/Cookie.php
index df75c03c7bcb..e4fb28568a35 100644
--- a/system/Cookie/Cookie.php
+++ b/system/Cookie/Cookie.php
@@ -766,11 +766,11 @@ protected function validateSameSite(string $samesite, bool $secure): void
 $samesite = self::SAMESITE_LAX;
 }
- if (! in_array(strtolower($samesite), self::ALLOWED_SAMESITE_VALUES, true)) {
+ if (! in_array(ucfirst($samesite), self::ALLOWED_SAMESITE_VALUES, true)) {
 throw CookieException::forInvalidSameSite($samesite);
 }
- if (strtolower($samesite) === self::SAMESITE_NONE && ! $secure) {
+ if (ucfirst($samesite) === self::SAMESITE_NONE && ! $secure) {
 throw CookieException::forInvalidSameSiteNone();
 }
 }
diff --git a/system/Cookie/CookieInterface.php b/system/Cookie/CookieInterface.php
index 8317617088cd..b63cb4c07833 100644
--- a/system/Cookie/CookieInterface.php
+++ b/system/Cookie/CookieInterface.php
@@ -25,20 +25,20 @@ interface CookieInterface
 * first-party and cross-origin requests. If `SameSite=None` is set,
 * the cookie `Secure` attribute must also be set (or the cookie will be blocked).
 */
- public const SAMESITE_NONE = 'none';
+ public const SAMESITE_NONE = 'None';
 /**
 * Cookies are not sent on normal cross-site subrequests (for example to
 * load images or frames into a third party site), but are sent when a
 * user is navigating to the origin site (i.e. when following a link).
 */
- public const SAMESITE_LAX = 'lax';
+ public const SAMESITE_LAX = 'Lax';
 /**
 * Cookies will only be sent in a first-party context and not be sent
 * along with requests initiated by third party websites.
 */
- public const SAMESITE_STRICT = 'strict';
+ public const SAMESITE_STRICT = 'Strict';
 /**
 * RFC 6265 allowed values for the "SameSite" attribute.
From 5263765eb998f232369139af7ea8df5519036543 Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
Date: Sun, 18 May 2025 01:26:36 +0800
Subject: [PATCH 2/5] Fix doc sample
---
 user_guide_src/source/libraries/cookies/006.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/user_guide_src/source/libraries/cookies/006.php b/user_guide_src/source/libraries/cookies/006.php
index 1bf6c732b71a..512d3e8fefe0 100644
--- a/user_guide_src/source/libraries/cookies/006.php
+++ b/user_guide_src/source/libraries/cookies/006.php
@@ -2,6 +2,6 @@
 use CodeIgniter\Cookie\Cookie;
-Cookie::SAMESITE_LAX; // 'lax'
-Cookie::SAMESITE_STRICT; // 'strict'
-Cookie::SAMESITE_NONE; // 'none'
+Cookie::SAMESITE_LAX; // 'Lax'
+Cookie::SAMESITE_STRICT; // 'Strict'
+Cookie::SAMESITE_NONE; // 'None'
From c5e3984019cc22e435de3e79822753c8b0ec7f18 Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
Date: Sun, 18 May 2025 18:02:16 +0800
Subject: [PATCH 3/5] Add changelog
---
 user_guide_src/source/changelogs/v4.7.0.rst | 2 ++
 1 file changed, 2 insertions(+)
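Review bot: Changing the values of SAMESITE_NONE, SAMESITE_LAX and SAMESITE_STRICT in system/Cookie/CookieInterface.php silently breaks any comparison that lowercases its operand first. The removed `strtolower($samesite) === self::SAMESITE_NONE` line in Cookie.php is exactly that pattern: left as it was, it would never match `'None'`, and a SameSite=None cookie without Secure would pass validation with no error. This series updates only validateSameSite(); other comparison sites, if any exist, are outside the diff, so a search for `strtolower(` next to `SAMESITE_` across the framework is worth doing before merge. I would also add a line to the constant docblocks such as `The stored value is 'None', not 'none'; compare case-insensitively.` The hunk ends inside the docblock that follows SAMESITE_STRICT.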
diff --git a/user_guide_src/source/changelogs/v4.7.0.rst b/user_guide_src/source/changelogs/v4.7.0.rst
index a64f4245de05..7182a8dddb53 100644
--- a/user_guide_src/source/changelogs/v4.7.0.rst
+++ b/user_guide_src/source/changelogs/v4.7.0.rst
@@ -97,6 +97,8 @@ Deprecations
 Bugs Fixed
 **********
+- **Cookie:** The ``CookieInterface::SAMESITE_STRICT``, ``CookieInterface::SAMESITE_LAX``, and ``CookieInterface::SAMESITE_NONE`` constants are now written in ucfirst style to be consistent with usage in the rest of the framework.
+
 See the repo's `CHANGELOG.md `_ for a complete list of bugs fixed.
From 2cc77753fd243abd993745d3b2a1a188603c2f2e Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
Date: Mon, 19 May 2025 18:49:05 +0800
Subject: [PATCH 4/5] Fix review
---
 system/Cookie/Cookie.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/Cookie/Cookie.php b/system/Cookie/Cookie.php
index e4fb28568a35..e828e4ca86eb 100644
--- a/system/Cookie/Cookie.php
+++ b/system/Cookie/Cookie.php
@@ -766,11 +766,11 @@ protected function validateSameSite(string $samesite, bool $secure): void
 $samesite = self::SAMESITE_LAX;
 }
- if (! in_array(ucfirst($samesite), self::ALLOWED_SAMESITE_VALUES, true)) {
+ if (! in_array($samesite, self::ALLOWED_SAMESITE_VALUES, true)) {
 throw CookieException::forInvalidSameSite($samesite);
 }
- if (ucfirst($samesite) === self::SAMESITE_NONE && ! $secure) {
+ if ($samesite === self::SAMESITE_NONE && ! $secure) {
 throw CookieException::forInvalidSameSiteNone();
 }
 }
From 1a13e4d202f878e80a775181e3e2a4c8f898f7a3 Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA"
Date: Wed, 21 May 2025 01:24:03 +0800
Subject: [PATCH 5/5] Add case-insensitive validation of SameSite
---
 system/Cookie/Cookie.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/Cookie/Cookie.php b/system/Cookie/Cookie.php
index e828e4ca86eb..b677bb944e31 100644
--- a/system/Cookie/Cookie.php
+++ b/system/Cookie/Cookie.php
@@ -766,11 +766,11 @@ protected function validateSameSite(string $samesite, bool $secure): void
 $samesite = self::SAMESITE_LAX;
 }
- if (! in_array($samesite, self::ALLOWED_SAMESITE_VALUES, true)) {
+ if (! in_array(ucfirst(strtolower($samesite)), self::ALLOWED_SAMESITE_VALUES, true)) {
 throw CookieException::forInvalidSameSite($samesite);
 }
- if ($samesite === self::SAMESITE_NONE && ! $secure) {
+ if (ucfirst(strtolower($samesite)) === self::SAMESITE_NONE && ! $secure) {
 throw CookieException::forInvalidSameSiteNone();
 }
 }
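Review bot: `ucfirst(strtolower($samesite))` is evaluated twice in validateSameSite() and then discarded, so the method accepts `'none'` or `'NONE'` but leaves the caller holding the un-normalized string. `$samesite` is a by-value parameter of a `void` method, so whatever stores or emits the attribute (not visible in this hunk) keeps the original casing, and a later exact comparison against `self::SAMESITE_NONE` there would presumably miss it. Computing it once, `$normalized = ucfirst(strtolower($samesite));`, and using `$normalized` in both conditions removes the duplication, and canonicalizing at the call site would close the remaining gap. None of the five patches touches a test file, so a case asserting that `'none'` and `'NONE'` with `$secure = false` raise the SameSite=None exception would pin the Secure requirement. The method body starts above the hunk.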