codeigniter4
diff --git a/‎app/Config/App.php‎
Lines changed: 62 additions & 81 deletions b/‎app/Config/App.php‎
Lines changed: 62 additions & 81 deletions
@@ -21,10 +21,22 @@ class App extends BaseConfig
      * and path to your installation. However, you should always configure this
      * explicitly and never rely on auto-guessing, especially in production
      * environments.
+     */
+    public string $baseURL = 'http://localhost:8080/';
+
+    /**
+     * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
+     * If you want to accept multiple Hostnames, set this.
      *
-     * @var string
+     * E.g. When your site URL ($baseURL) is 'http://example.com/', and your site
+     *      also accepts 'http://media.example.com/' and
+     *      'http://accounts.example.com/':
+     *          ['media.example.com', 'accounts.example.com']
+     *
+     * @var string[]
+     * @phpstan-var list<string>
      */
-    public $baseURL = 'http://localhost:8080/';
+    public array $allowedHostnames = [];
 
     /**
      * --------------------------------------------------------------------------
@@ -34,10 +46,8 @@ class App extends BaseConfig
      * Typically this will be your index.php file, unless you've renamed it to
      * something else. If you are using mod_rewrite to remove the page set this
      * variable so that it is blank.
-     *
-     * @var string
      */
-    public $indexPage = 'index.php';
+    public string $indexPage = 'index.php';
 
     /**
      * --------------------------------------------------------------------------
@@ -53,10 +63,8 @@ class App extends BaseConfig
      * 'PATH_INFO'      Uses $_SERVER['PATH_INFO']
      *
      * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
-     *
-     * @var string
      */
-    public $uriProtocol = 'REQUEST_URI';
+    public string $uriProtocol = 'REQUEST_URI';
 
     /**
      * --------------------------------------------------------------------------
@@ -67,10 +75,8 @@ class App extends BaseConfig
      * is viewing the site from. It affects the language strings and other
      * strings (like currency markers, numbers, etc), that your program
      * should run under for this request.
-     *
-     * @var string
      */
-    public $defaultLocale = 'en';
+    public string $defaultLocale = 'en';
 
     /**
      * --------------------------------------------------------------------------
@@ -81,10 +87,8 @@ class App extends BaseConfig
      * language to use based on the value of the Accept-Language header.
      *
      * If false, no automatic detection will be performed.
-     *
-     * @var bool
      */
-    public $negotiateLocale = false;
+    public bool $negotiateLocale = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -97,7 +101,7 @@ class App extends BaseConfig
      *
      * @var string[]
      */
-    public $supportedLocales = ['en'];
+    public array $supportedLocales = ['en'];
 
     /**
      * --------------------------------------------------------------------------
@@ -106,10 +110,8 @@ class App extends BaseConfig
      *
      * The default timezone that will be used in your application to display
      * dates with the date helper, and can be retrieved through app_timezone()
-     *
-     * @var string
      */
-    public $appTimezone = 'America/Chicago';
+    public string $appTimezone = 'UTC';
 
     /**
      * --------------------------------------------------------------------------
@@ -120,10 +122,8 @@ class App extends BaseConfig
      * that require a character set to be provided.
      *
      * @see http://php.net/htmlspecialchars for a list of supported charsets.
-     *
-     * @var string
      */
-    public $charset = 'UTF-8';
+    public string $charset = 'UTF-8';
 
     /**
      * --------------------------------------------------------------------------
@@ -134,10 +134,8 @@ class App extends BaseConfig
      * made via a secure connection (HTTPS). If the incoming request is not
      * secure, the user will be redirected to a secure version of the page
      * and the HTTP Strict Transport Security header will be set.
-     *
-     * @var bool
      */
-    public $forceGlobalSecureRequests = false;
+    public bool $forceGlobalSecureRequests = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -150,9 +148,9 @@ class App extends BaseConfig
      * - `CodeIgniter\Session\Handlers\MemcachedHandler`
      * - `CodeIgniter\Session\Handlers\RedisHandler`
      *
-     * @var string
+     * @deprecated use Config\Session::$driver instead.
      */
-    public $sessionDriver = FileHandler::class;
+    public string $sessionDriver = FileHandler::class;
 
     /**
      * --------------------------------------------------------------------------
@@ -161,9 +159,9 @@ class App extends BaseConfig
      *
      * The session cookie name, must contain only [0-9a-z_-] characters
      *
-     * @var string
+     * @deprecated use Config\Session::$cookieName  instead.
      */
-    public $sessionCookieName = 'ci_session';
+    public string $sessionCookieName = 'ci_session';
 
     /**
      * --------------------------------------------------------------------------
@@ -173,9 +171,9 @@ class App extends BaseConfig
      * The number of SECONDS you want the session to last.
      * Setting to 0 (zero) means expire when the browser is closed.
      *
-     * @var int
+     * @deprecated use Config\Session::$expiration instead.
      */
-    public $sessionExpiration = 7200;
+    public int $sessionExpiration = 7200;
 
     /**
      * --------------------------------------------------------------------------
@@ -192,9 +190,9 @@ class App extends BaseConfig
      *
      * IMPORTANT: You are REQUIRED to set a valid save path!
      *
-     * @var string
+     * @deprecated use Config\Session::$savePath instead.
      */
-    public $sessionSavePath = WRITEPATH . 'session';
+    public string $sessionSavePath = WRITEPATH . 'session';
 
     /**
      * --------------------------------------------------------------------------
@@ -206,9 +204,9 @@ class App extends BaseConfig
      * WARNING: If you're using the database driver, don't forget to update
      *          your session table's PRIMARY KEY when changing this setting.
      *
-     * @var bool
+     * @deprecated use Config\Session::$matchIP instead.
      */
-    public $sessionMatchIP = false;
+    public bool $sessionMatchIP = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -217,9 +215,9 @@ class App extends BaseConfig
      *
      * How many seconds between CI regenerating the session ID.
      *
-     * @var int
+     * @deprecated use Config\Session::$timeToUpdate instead.
      */
-    public $sessionTimeToUpdate = 300;
+    public int $sessionTimeToUpdate = 300;
 
     /**
      * --------------------------------------------------------------------------
@@ -230,9 +228,20 @@ class App extends BaseConfig
      * when auto-regenerating the session ID. When set to FALSE, the data
      * will be later deleted by the garbage collector.
      *
-     * @var bool
+     * @deprecated use Config\Session::$regenerateDestroy instead.
      */
-    public $sessionRegenerateDestroy = false;
+    public bool $sessionRegenerateDestroy = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Database Group
+     * --------------------------------------------------------------------------
+     *
+     * DB Group for the database session.
+     *
+     * @deprecated use Config\Session::$DBGroup instead.
+     */
+    public ?string $sessionDBGroup = null;
 
     /**
      * --------------------------------------------------------------------------
@@ -241,11 +250,9 @@ class App extends BaseConfig
      *
      * Set a cookie name prefix if you need to avoid collisions.
      *
-     * @var string
-     *
      * @deprecated use Config\Cookie::$prefix property instead.
      */
-    public $cookiePrefix = '';
+    public string $cookiePrefix = '';
 
     /**
      * --------------------------------------------------------------------------
@@ -254,11 +261,9 @@ class App extends BaseConfig
      *
      * Set to `.your-domain.com` for site-wide cookies.
      *
-     * @var string
-     *
      * @deprecated use Config\Cookie::$domain property instead.
      */
-    public $cookieDomain = '';
+    public string $cookieDomain = '';
 
     /**
      * --------------------------------------------------------------------------
@@ -267,11 +272,9 @@ class App extends BaseConfig
      *
      * Typically will be a forward slash.
      *
-     * @var string
-     *
      * @deprecated use Config\Cookie::$path property instead.
      */
-    public $cookiePath = '/';
+    public string $cookiePath = '/';
 
     /**
      * --------------------------------------------------------------------------
@@ -280,11 +283,9 @@ class App extends BaseConfig
      *
      * Cookie will only be set if a secure HTTPS connection exists.
      *
-     * @var bool
-     *
      * @deprecated use Config\Cookie::$secure property instead.
      */
-    public $cookieSecure = false;
+    public bool $cookieSecure = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -293,11 +294,9 @@ class App extends BaseConfig
      *
      * Cookie will only be accessible via HTTP(S) (no JavaScript).
      *
-     * @var bool
-     *
      * @deprecated use Config\Cookie::$httponly property instead.
      */
-    public $cookieHTTPOnly = true;
+    public bool $cookieHTTPOnly = true;
 
     /**
      * --------------------------------------------------------------------------
@@ -319,11 +318,9 @@ class App extends BaseConfig
      * (empty string) means default SameSite attribute set by browsers (`Lax`)
      * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
      *
-     * @var string|null
-     *
      * @deprecated use Config\Cookie::$samesite property instead.
      */
-    public $cookieSameSite = 'Lax';
+    public ?string $cookieSameSite = 'Lax';
 
     /**
      * --------------------------------------------------------------------------
@@ -346,7 +343,7 @@ class App extends BaseConfig
      *
      * @var array<string, string>
      */
-    public $proxyIPs = [];
+    public array $proxyIPs = [];
 
     /**
      * --------------------------------------------------------------------------
@@ -356,10 +353,8 @@ class App extends BaseConfig
      * The token name.
      *
      * @deprecated Use `Config\Security` $tokenName property instead of using this property.
-     *
-     * @var string
      */
-    public $CSRFTokenName = 'csrf_test_name';
+    public string $CSRFTokenName = 'csrf_test_name';
 
     /**
      * --------------------------------------------------------------------------
@@ -369,10 +364,8 @@ class App extends BaseConfig
      * The header name.
      *
      * @deprecated Use `Config\Security` $headerName property instead of using this property.
-     *
-     * @var string
      */
-    public $CSRFHeaderName = 'X-CSRF-TOKEN';
+    public string $CSRFHeaderName = 'X-CSRF-TOKEN';
 
     /**
      * --------------------------------------------------------------------------
@@ -382,10 +375,8 @@ class App extends BaseConfig
      * The cookie name.
      *
      * @deprecated Use `Config\Security` $cookieName property instead of using this property.
-     *
-     * @var string
      */
-    public $CSRFCookieName = 'csrf_cookie_name';
+    public string $CSRFCookieName = 'csrf_cookie_name';
 
     /**
      * --------------------------------------------------------------------------
@@ -395,10 +386,8 @@ class App extends BaseConfig
      * The number in seconds the token should expire.
      *
      * @deprecated Use `Config\Security` $expire property instead of using this property.
-     *
-     * @var int
      */
-    public $CSRFExpire = 7200;
+    public int $CSRFExpire = 7200;
 
     /**
      * --------------------------------------------------------------------------
@@ -408,10 +397,8 @@ class App extends BaseConfig
      * Regenerate token on every submission?
      *
      * @deprecated Use `Config\Security` $regenerate property instead of using this property.
-     *
-     * @var bool
      */
-    public $CSRFRegenerate = true;
+    public bool $CSRFRegenerate = true;
 
     /**
      * --------------------------------------------------------------------------
@@ -421,10 +408,8 @@ class App extends BaseConfig
      * Redirect to previous page with error on failure?
      *
      * @deprecated Use `Config\Security` $redirect property instead of using this property.
-     *
-     * @var bool
      */
-    public $CSRFRedirect = true;
+    public bool $CSRFRedirect = false;
 
     /**
      * --------------------------------------------------------------------------
@@ -442,10 +427,8 @@ class App extends BaseConfig
      * @see https://portswigger.net/web-security/csrf/samesite-cookies
      *
      * @deprecated `Config\Cookie` $samesite property is used.
-     *
-     * @var string
      */
-    public $CSRFSameSite = 'Lax';
+    public string $CSRFSameSite = 'Lax';
 
     /**
      * --------------------------------------------------------------------------
@@ -462,8 +445,6 @@ class App extends BaseConfig
      *
      * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
      * @see http://www.w3.org/TR/CSP/
-     *
-     * @var bool
      */
-    public $CSPEnabled = false;
+    public bool $CSPEnabled = false;
 }