[HttpFoundation] Support samesite cookies in response #26478
staabm commented Mar 10, 2018
They might kill your hack in the next php version
cmb69 commented Mar 10, 2018
Note that the PR targets PHP-7.1, since it is supposed to fix a bug.
staabm commented Mar 11, 2018
Maybe you could use or take some inspiration from https://github.com/delight-im/PHP-Cookie
nicolas-grekas commented Mar 14, 2018
The hack might be acceptable if it is tested.
lstrojny commented Mar 14, 2018
@nicolas-grekas the best idea I could come up with for a test is an integration test that starts the built-in PHP server and verifies that the header is as expected.
| // cookies | ||
| foreach ($this->headers->getCookies()as$cookie) { | ||
| $path =$cookie->getPath().(null !==$cookie->getSameSite() ? ('; samesite='.$cookie->getSameSite()) :''); |
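Review bot: the '; samesite=' concatenation on the $path line has no comment saying that it deliberately relies on the path argument reaching the Set-Cookie header unfiltered, so a later reader may "fix" it or not see why it stops working if PHP begins validating the path. Add a short comment at the $path assignment that names the workaround and the condition under which it can be dropped. The value returned by $cookie->getSameSite() is also appended as-is at this point; whether it is restricted to known values is not visible in these lines, so either confirm the Cookie class enforces that or validate it before concatenating, and cover the emitted header with the integration test discussed in this thread.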
I understand that this is a hack needed because of the lack of support of samesite in PHP cookie functions. However, wouldn't it be better to hack this into $cookie->getDomain() instead of $cookie->getPath()?
@javiereguiluz the issue is, domain can be null while path will always be something
OK then 👍 ... but @nicolas-grekas proposal may be a better way to solve this? What do you think?
nicolas-grekas commented Mar 16, 2018
Actually here is another approach I worked on, the discussion might still be relevant: #25348
nicolas-grekas commented Apr 9, 2018 • edited
This hack adds support for samesite cookies in
Response::sendHeaders(). One can misuse the path parameter to set the samesite attribute nevertheless.
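
The path workaround described in this thread, written defensively as an added example (not code from the pull request or from Symfony): it validates both the path and the SameSite value before they reach the header, and uses the native `samesite` option of `setcookie()` on PHP 7.3 and later. The function names and the allowed-value list are assumptions made for the illustration.

```php
<?php
// Added example, not Symfony's code; function names are hypothetical.

// Assumption: only these two SameSite modes are accepted, lower-cased.
const ALLOWED_SAMESITE = ['lax', 'strict'];

function normalizeSameSite(?string $sameSite): ?string
{
    if (null === $sameSite) {
        return null;
    }
    $sameSite = strtolower($sameSite);
    if (!in_array($sameSite, ALLOWED_SAMESITE, true)) {
        throw new InvalidArgumentException('Unexpected SameSite value.');
    }
    return $sameSite;
}

// Path argument for the legacy setcookie() signature, with the attribute
// appended the way the hack discussed above does it.
function pathWithSameSite(string $path, ?string $sameSite): string
{
    // Separators in the path itself would smuggle extra attributes into the header.
    if (preg_match('/[;,\s]/', $path)) {
        throw new InvalidArgumentException('Cookie path contains a separator.');
    }
    $sameSite = normalizeSameSite($sameSite);
    return null === $sameSite ? $path : $path.'; samesite='.$sameSite;
}

function sendCookie(string $name, string $value, int $expire, string $path,
    ?string $domain, bool $secure, bool $httpOnly, ?string $sameSite): bool
{
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ takes an options array with a native 'samesite' key.
        $options = ['expires' => $expire, 'path' => $path, 'domain' => (string) $domain,
            'secure' => $secure, 'httponly' => $httpOnly];
        if (null !== ($mode = normalizeSameSite($sameSite))) {
            $options['samesite'] = $mode;
        }
        return setcookie($name, $value, $options);
    }
    // Older PHP: fall back to the path workaround.
    return setcookie($name, $value, $expire, pathWithSameSite($path, $sameSite),
        (string) $domain, $secure, $httpOnly);
}
```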