Fix Undefined property: Config\App::$cookieSameSite #4371

Merged
merged 2 commits into from Mar 2, 2021

kenjis
Member

@kenjis kenjis commented Mar 1, 2021

Description
Fixes the notice.

Notice: Undefined property: Config\App::$cookieSameSite

See https://forum.codeigniter.com/thread-78693.html.

Checklist:

  • Securely signed commits
  • Component(s) with PHPdocs
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

Notice: Undefined property: Config\App::$cookieSameSite
Contributor

@WinterSilence WinterSilence left a comment

Need to replace $config with $this, also you must use property_exists()
if (! in_array(strtolower($this->cookieSameSite), Cookie::ALLOWED_SAMESITE_VALUES, true))

1) CodeIgniter\HTTP\ResponseCookieTest::testCookieBlankSetSameSite
CodeIgniter\HTTP\Exceptions\CookieException: The SameSite value must be None, Lax, Strict or a blank string,  given.
@WinterSilence
Contributor

WinterSilence commented Mar 1, 2021

Please add const SAMESITE_NONE_SECURE = 'none; secure'; to fix all cases
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure

@paulbalandan
Member

There is already a validation check in Cookie for SameSite None without the Secure attribute.

@kenjis
Member Author

kenjis commented Mar 1, 2021

Need to replace $config with $this, also you must use property_exists()
if (! in_array(strtolower($this->cookieSameSite), Cookie::ALLOWED_SAMESITE_VALUES, true))

$this->cookieSameSite is deprecated.

also you must use property_exists()

Sorry, what do you mean?

@WinterSilence
Contributor

@kenjis

$config->cookieSameSite = $config->cookieSameSite ?? Cookie::SAMESITE_LAX;
if (property_exists($this, 'cookieSameSite')) {
    $this->cookieSameSite = $config->cookieSameSite;
}
if (! in_array(strtolower($config->cookieSameSite), Cookie::ALLOWED_SAMESITE_VALUES, true))

property_exists vs isset:

$o = new stdClass();
$o->isNull = null;
var_dump(property_exists($o, 'isNull'), isset($o->isNull)); // true, false

@WinterSilence
Contributor

@paulbalandan

SameSite=None requires Secure

I can't find it in RFC 6265.
It's a good fix but not a required rule, and other browsers may use None without Secure.

@kenjis
Member Author

kenjis commented Mar 1, 2021

@WinterSilence Thanks.

$this->cookieSameSite surely exists and is deprecated.
So it seems the current PR code is okay.

/**
 * Cookie SameSite setting
 *
 * @var string
 *
 * @deprecated Use the dedicated Cookie class instead.
 */
protected $cookieSameSite = Cookie::SAMESITE_LAX;
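
Added example (not part of the thread and not CodeIgniter's own code): reading a possibly missing `cookieSameSite` property with `??` so that no "Undefined property" notice is raised, then validating the result. `resolveSameSite()`, `ALLOWED_SAMESITE` and the sample config objects are hypothetical names constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the framework's list of allowed values.
const ALLOWED_SAMESITE = ['', 'none', 'lax', 'strict'];

/**
 * Resolve the SameSite value from a config object that may lack the property.
 */
function resolveSameSite(object $config, bool $secure): string
{
    // `??` has isset() semantics: a missing property and a null property both
    // take the default, and no "Undefined property" notice is raised.
    $value = $config->cookieSameSite ?? 'Lax';

    if (! is_string($value) || ! in_array(strtolower($value), ALLOWED_SAMESITE, true)) {
        throw new InvalidArgumentException(
            'The SameSite value must be None, Lax, Strict or a blank string.'
        );
    }

    // Rule from the MDN page linked in the thread: None needs Secure.
    if (strtolower($value) === 'none' && ! $secure) {
        throw new InvalidArgumentException('SameSite=None requires Secure.');
    }

    return $value;
}

// Constructed sample configs.
$legacy = new stdClass();           // config class written before the property existed
$nulled = new stdClass();
$nulled->cookieSameSite = null;     // property_exists(): true, isset(): false
$strict = new stdClass();
$strict->cookieSameSite = 'Strict';
$none = new stdClass();
$none->cookieSameSite = 'None';

foreach (['legacy' => $legacy, 'nulled' => $nulled, 'strict' => $strict, 'none' => $none] as $name => $cfg) {
    try {
        printf("%-6s -> %s\n", $name, resolveSameSite($cfg, false));
    } catch (InvalidArgumentException $e) {
        printf("%-6s -> rejected: %s\n", $name, $e->getMessage());
    }
}
```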

@paulbalandan paulbalandan merged commit 906d251 into codeigniter4:develop Mar 2, 2021
@kenjis kenjis deleted the fix-cookieSameSite branch March 2, 2021 04:54
@kenjis kenjis added the bug Verified issues on the current code behavior or pull requests that will fix them label Feb 19, 2022