From eb770fdc6d809bc7c28d499f897c0ab2c449f669 Mon Sep 17 00:00:00 2001
From: George Petculescu
Date: Sun, 28 Feb 2021 20:10:00 +0200
Subject: Initial implementation of samesite for CI_Input::set_cookie
---
 user_guide_src/source/libraries/input.rst | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
(limited to 'user_guide_src/source')
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 730b3a9b0..79c128afa 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -242,7 +242,7 @@ Class Reference
 This method is identical to ``get()``, ``post()`` and ``cookie()``, only it fetches the *php://input* stream data.
- .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = 0[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
+ .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = 0[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL[, $samesite = NULL]]]]]]]])
 :param mixed $name: Cookie name or an array of parameters
 :param string $value: Cookie value
@@ -252,6 +252,7 @@ Class Reference
 :param string $prefix: Cookie name prefix
 :param bool $secure: Whether to only transfer the cookie through HTTPS
 :param bool $httponly: Whether to only make the cookie accessible for HTTP requests (no JavaScript)
+ :param string $samesite: Cookie's SameSite attribute ('lax', 'strict', 'none' or NULL)
 :rtype: void
@@ -265,13 +266,14 @@ Class Reference
 parameter::
 $cookie = array(
- 'name' => 'The Cookie Name',
- 'value' => 'The Value',
- 'expire' => 86500,
- 'domain' => '.some-domain.com',
- 'path' => '/',
- 'prefix' => 'myprefix_',
- 'secure' => TRUE
+ 'name' => 'The Cookie Name',
+ 'value' => 'The Value',
+ 'expire' => 86500,
+ 'domain' => '.some-domain.com',
+ 'path' => '/',
+ 'prefix' => 'myprefix_',
+ 'secure' => TRUE,
+ 'samesite' => 'strict'
 );
 $this->input->set_cookie($cookie);
@@ -297,13 +299,14 @@ Class Reference
 The *httponly* and *secure* flags, when omitted, will default to your ``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
+ The *samesite* parameter can be ``'lax'``, ``'strict'``, ``'none'`` or ``NULL``. When ``NULL``, the same-site cookie attribute is not set at all.
 **Discrete Parameters**
 If you prefer, you can set the cookie by passing data using individual parameters::
- $this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);
+ $this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure, $samesite);
 .. php:method:: ip_address()
--
cgit v1.2.3-24-g4f1b
From 2abda9049a8d006673204f56f4680526232b2360 Mon Sep 17 00:00:00 2001
From: George Petculescu
Date: Sun, 14 Mar 2021 01:56:30 +0200
Subject: Dropping the possibility that samesite cookie attribute won't be sent; defaults to Lax; all samesite values are ucfirst'ed; log for SameSite=None non-secure cookies
---
 user_guide_src/source/libraries/input.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'user_guide_src/source')
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 79c128afa..a9255fa87 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -252,7 +252,7 @@ Class Reference
 :param string $prefix: Cookie name prefix
 :param bool $secure: Whether to only transfer the cookie through HTTPS
 :param bool $httponly: Whether to only make the cookie accessible for HTTP requests (no JavaScript)
- :param string $samesite: Cookie's SameSite attribute ('lax', 'strict', 'none' or NULL)
+ :param string $samesite: Cookie's SameSite attribute ('Lax', 'Strict', 'None')
 :rtype: void
@@ -299,7 +299,7 @@ Class Reference
 The *httponly* and *secure* flags, when omitted, will default to your ``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
- The *samesite* parameter can be ``'lax'``, ``'strict'``, ``'none'`` or ``NULL``. When ``NULL``, the same-site cookie attribute is not set at all.
+ The *samesite* parameter can be ``'Lax'``, ``'Strict'`` or ``'None'``. If not set, the same-site cookie attribute will default to ``'Lax'``.
 **Discrete Parameters**
--
cgit v1.2.3-24-g4f1b
From 1415d4ec99c7dbaec2c34742536e00eb9cb7493f Mon Sep 17 00:00:00 2001
From: George Petculescu
Date: Fri, 2 Apr 2021 02:57:40 +0300
Subject: Improves input.rst (set cookie)
---
 user_guide_src/source/libraries/input.rst | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
(limited to 'user_guide_src/source')
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index a9255fa87..e0f3d8417 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -252,7 +252,7 @@ Class Reference
 :param string $prefix: Cookie name prefix
 :param bool $secure: Whether to only transfer the cookie through HTTPS
 :param bool $httponly: Whether to only make the cookie accessible for HTTP requests (no JavaScript)
- :param string $samesite: Cookie's SameSite attribute ('Lax', 'Strict', 'None')
+ :param string $samesite: SameSite attribute ('Lax', 'Strict', 'None')
 :rtype: void
@@ -266,14 +266,14 @@ Class Reference
 parameter::
 $cookie = array(
- 'name' => 'The Cookie Name',
- 'value' => 'The Value',
- 'expire' => 86500,
- 'domain' => '.some-domain.com',
- 'path' => '/',
- 'prefix' => 'myprefix_',
- 'secure' => TRUE,
- 'samesite' => 'strict'
+ 'name' => 'The Cookie Name',
+ 'value' => 'The Value',
+ 'expire' => 86500,
+ 'domain' => '.some-domain.com',
+ 'path' => '/',
+ 'prefix' => 'myprefix_',
+ 'secure' => TRUE,
+ 'samesite' => 'Strict'
 );
 $this->input->set_cookie($cookie);
--
cgit v1.2.3-24-g4f1b