Support for the SameSite cookie option #9
`SameSite::fromString()` already provides some validation. Maybe we don't need to duplicate validation in our code? Only check for empty values?
@stissot Thanks for your contribution. It looks good to me, we just need some unit tests to cover these changes. Would you be able to provide some? Thanks!
I added unit tests, but we have a dependency problem: support for SameSite cookie was added in dflydev/fig-cookies 2.0, but this version requires PHP >7.1, so either we drop the support for PHP 7.1, or shall we skip some tests when running with PHP 7.1? What do you suggest?
IMHO, we should migrate to require only dflydev/fig-cookies ^2.0 and PHP ^7.2, because it was also done in mezzio/mezzio-swoole@18fe812 for exactly the same reason. So it makes sense to follow the same trend in this ecosystem.
I agree with @PowerKiKi
I agree, but 2.0.1 and PHP 7.2 ;)
LGTM
@PowerKiKi @stissot As the feature requires PHP 7.3 anyway and PHP 7.2 is in security fixes only phase I think we should bump PHP version to 7.3 in this library for the next minor release. @stissot Would you be able to update it, please? BTW Thanks for the PR :)
I'm usually in favor of dropping unsupported PHP versions. But we still have 8 months to go for PHP 7.2. I feel it's a bit early. Bugs affecting users that run PHP 7.2 could be fixed in that period, forcing them to upgrade PHP or leave open bugs. And it also is slightly out of scope of this PR. I'd prefer to have another dedicated PR to drop PHP 7.2 in November 2020.
@PowerKiKi We will provide security updates for the previous minor until PHP 7.2 EOL so in general it should not be a problem.
Oh, I was under the impression that you only released "higher" version and didn't have security update branches for older versions. If that's the case, then dropping PHP 7.2 is fine with me.
@PowerKiKi Yes, that's the plan - have security updates synchronised with PHP release cycle :)
Thanks for your feedback, I agree to require PHP 7.3 in the next release and the PR has been updated accordingly.
Could you make a release? I need this feature for our project.
e1c343b to ceb3ee4
Requires PHP 7.3 and FigCookies 2.0
Update PHPUnit version to 9.0.1
As we support now only PHP 7.3 we can bump PHPUnit version to 9. Also removed redundant conflict with phpspec/prophecy.
Signed-off-by: Michał Bundyra <[email protected]>
Thanks, @stissot!
Description
Add support for the `SameSite` SetCookie parameter, described in RFC6265bis and supported by the `session.cookie_samesite` PHP ini option from PHP 7.3+. The parameter can have the `Lax` or `Strict` or `Null` values; any other value will be ignored.
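
The behaviour described above (empty values skipped, validation left to `SameSite::fromString()`, anything else ignored) can be sketched as follows. This is an added example, not code from this pull request or from the library. It assumes dflydev/fig-cookies ^2.0 is installed with Composer and that `SameSite::fromString()` throws `InvalidArgumentException` on unrecognised input. The helper name `withConfiguredSameSite` and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: dflydev/fig-cookies ^2.0 installed with Composer next to this file.
require __DIR__ . '/vendor/autoload.php';

use Dflydev\FigCookies\Modifier\SameSite;
use Dflydev\FigCookies\SetCookie;

/**
 * Hypothetical helper: apply a configured SameSite value to a session cookie.
 * An empty or unrecognised value leaves the cookie without a SameSite
 * attribute rather than failing the request.
 */
function withConfiguredSameSite(SetCookie $cookie, ?string $configured): SetCookie
{
    if ($configured === null || $configured === '') {
        return $cookie; // nothing configured: emit no SameSite attribute
    }

    try {
        // Validation is delegated to the library instead of being duplicated here.
        return $cookie->withSameSite(SameSite::fromString($configured));
    } catch (InvalidArgumentException $e) {
        // Assumed failure mode of fromString(): unknown values are ignored.
        return $cookie;
    }
}

// Constructed sample values. A real deployment would pass
// ini_get('session.cookie_samesite') instead.
foreach (['Lax', 'Strict', '', null, 'bogus'] as $configured) {
    $cookie = SetCookie::create('PHPSESSID', 'constructed-session-id')
        ->withPath('/')
        ->withSecure(true)
        ->withHttpOnly(true);

    $header = (string) withConfiguredSameSite($cookie, $configured);
    printf("%-8s => Set-Cookie: %s\n", var_export($configured, true), $header);
}
```

Silently ignoring an unknown value means a misspelled setting produces a cookie with no `SameSite` attribute, so a deployment check that inspects the emitted `Set-Cookie` header is worth having.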