From e1e68fdb848b8c1d9e439285cf7c9119e008e34e Mon Sep 17 00:00:00 2001
From: Arne <1255879+arneee@users.noreply.github.com>
Date: Sun, 27 Dec 2020 16:08:29 +0100
Subject: [PATCH 1/4] Allow "none" as SameSite value in cookies
Hi, "None" is a valid value for the SameSite attribute of cookies. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
---
 Slim/Http/Cookies.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Slim/Http/Cookies.php b/Slim/Http/Cookies.php
index c186af0ce..b90fa2987 100644
--- a/Slim/Http/Cookies.php
+++ b/Slim/Http/Cookies.php
@@ -135,7 +135,7 @@ protected function toHeader($name, array $properties)
 $result .= '; HttpOnly';
 }

- if (isset($properties['samesite']) && in_array(strtolower($properties['samesite']), ['lax', 'strict'], true)) {
+ if (isset($properties['samesite']) && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)) {
 // While strtolower is needed for correct comparison, the RFC doesn't care about case
 $result .= '; SameSite=' . $properties['samesite'];
 }
From 9cc099f13a6c78452a5e0b46b12cea7e8d685af6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20B=C3=A9rub=C3=A9?=
Date: Mon, 1 Mar 2021 18:19:42 -0700
Subject: [PATCH 2/4] Fix line length
---
 Slim/Http/Cookies.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Slim/Http/Cookies.php b/Slim/Http/Cookies.php
index b90fa2987..579367ed0 100644
--- a/Slim/Http/Cookies.php
+++ b/Slim/Http/Cookies.php
@@ -135,7 +135,10 @@ protected function toHeader($name, array $properties)
 $result .= '; HttpOnly';
 }

- if (isset($properties['samesite']) && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)) {
+ if (
+ isset($properties['samesite'])
+ && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)
+ ) {
 // While strtolower is needed for correct comparison, the RFC doesn't care about case
 $result .= '; SameSite=' . $properties['samesite'];
 }
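Review bot: In the PATCH 1/4 hunk of `toHeader`, the widened allow-list lets `; SameSite=None` be emitted with no check that the same cookie is also marked `Secure`; current browsers reject a `SameSite=None` cookie that lacks `Secure`, so a misconfigured cookie would be dropped on the client without any server-side signal. The handling of the `secure` property is not visible here (the function body starts and ends outside the hunk), so this is inferred, but a guard before the append such as `if (strtolower($properties['samesite']) === 'none' && empty($properties['secure'])) { trigger_error('SameSite=None requires the Secure attribute', E_USER_WARNING); }` would surface the problem. Because `None` also opts the cookie out of the browser's same-site restriction, a comment above the branch along the lines of `// 'none' allows the cookie on cross-site requests; do not rely on SameSite for CSRF protection of such cookies` would help the next maintainer. Patches 2/4 to 4/4 only re-wrap this condition and leave the behaviour unchanged.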
From ea5e377ffa342b4dcb206c295170063763e58e50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20B=C3=A9rub=C3=A9?=
Date: Mon, 1 Mar 2021 18:23:27 -0700
Subject: [PATCH 3/4] Fix line
---
 Slim/Http/Cookies.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Slim/Http/Cookies.php b/Slim/Http/Cookies.php
index 579367ed0..862add8cd 100644
--- a/Slim/Http/Cookies.php
+++ b/Slim/Http/Cookies.php
@@ -135,8 +135,7 @@ protected function toHeader($name, array $properties)
 $result .= '; HttpOnly';
 }

- if (
- isset($properties['samesite'])
+ if (isset($properties['samesite'])
 && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)
 ) {
 // While strtolower is needed for correct comparison, the RFC doesn't care about case
From a5eb0659be25e616a695a91d454be94bd4994ff3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20B=C3=A9rub=C3=A9?=
Date: Mon, 1 Mar 2021 18:25:32 -0700
Subject: [PATCH 4/4] Fix line
---
 Slim/Http/Cookies.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Slim/Http/Cookies.php b/Slim/Http/Cookies.php
index 862add8cd..500b6a197 100644
--- a/Slim/Http/Cookies.php
+++ b/Slim/Http/Cookies.php
@@ -136,8 +136,7 @@ protected function toHeader($name, array $properties)
 }

 if (isset($properties['samesite'])
- && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)
- ) {
+ && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)) {
 // While strtolower is needed for correct comparison, the RFC doesn't care about case
 $result .= '; SameSite=' . $properties['samesite'];
 }