Skip to content

fix: ucfirst all cookie samesite values#9564

Merged
paulbalandan merged 5 commits intocodeigniter4:4.7from
paulbalandan:fix-cookie-samesite-empty-defaults
May 20, 2025
Merged

fix: ucfirst all cookie samesite values#9564
paulbalandan merged 5 commits intocodeigniter4:4.7from
paulbalandan:fix-cookie-samesite-empty-defaults

Conversation

@paulbalandan
Copy link
Member

@paulbalandan paulbalandan commented May 17, 2025

Description
If you run vendor/bin/phpunit --filter CookieTest you get:

vendor/bin/phpunit --filter CookieTest
PHPUnit 11.5.20 by Sebastian Bergmann and contributors.

Runtime:       PHP 8.3.21 with Xdebug 3.4.3
Configuration: /Users/paul/Workspace/CodeIgniter4/phpunit.xml.dist

..F.............................................                                                                                        48 / 48 (100%)

Time: 00:02.209, Memory: 80.00 MB

There was 1 failure:

1) CodeIgniter\Cookie\CookieTest::testCookieInitializationWithDefaults
Failed asserting that two strings are identical.
--- Expected
+++ Actual
@@ @@
-'lax'
+'Lax'

/Users/paul/Workspace/CodeIgniter4/tests/system/Cookie/CookieTest.php:58

FAILURES!
Tests: 48, Assertions: 133, Failures: 1.

Generating code coverage report in Clover XML format ... done [00:00.432]

Generating code coverage report in HTML format ... done [00:02.914]

This is because when you pass an empty defaults array (or did not pass anything) to Cookie::setDefaults(), the samesite value set is self::SAMESITE_LAX equal to lax. Now, we transform the samesite value to ucfirst in the constructor so that it would be consistent everywhere. Even the cookie config's allowed value for samesite is in ucfirst. I thought we have done that pretty much everywhere but found out this case wasn't. This failure was not caught since the test case is run along with the other tests. Running it by itself shows the issue.

I have targeted 4.7 since I'm changing the values of the constants so I think this is a behavior change. Let me know if this is ok in develop.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@paulbalandan paulbalandan added the bug Verified issues on the current code behavior or pull requests that will fix them label May 17, 2025
@michalsn
Copy link
Member

michalsn commented May 17, 2025

Yes, this should go to the 4.7 branch.

@michalsn
Copy link
Member

michalsn commented May 17, 2025

Oh, we should also adjust the user guide: https://github.com/codeigniter4/CodeIgniter4/blob/develop/user_guide_src/source/libraries/cookies/006.php

michalsn
michalsn approved these changes May 18, 2025
View reviewed changes
Copy link
Member

@michalsn michalsn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changelog entry?

@paulbalandan
Copy link
Member Author

paulbalandan commented May 18, 2025

Thanks, added

ddevsr
ddevsr reviewed May 19, 2025
View reviewed changes
ddevsr
ddevsr reviewed May 19, 2025
View reviewed changes
@paulbalandan paulbalandan force-pushed the fix-cookie-samesite-empty-defaults branch from e73a328 to 2cc7775 Compare May 19, 2025 10:49
samsonasik
samsonasik reviewed May 20, 2025
View reviewed changes
@paulbalandan
Copy link
Member Author

paulbalandan commented May 20, 2025

Thanks all for the reviews.

@paulbalandan paulbalandan merged commit 4d912e3 into codeigniter4:4.7 May 20, 2025
50 checks passed
@paulbalandan paulbalandan deleted the fix-cookie-samesite-empty-defaults branch May 20, 2025 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michalsn michalsn michalsn approved these changes

@samsonasik samsonasik samsonasik approved these changes

+1 more reviewer

@ddevsr ddevsr ddevsr left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bug Verified issues on the current code behavior or pull requests that will fix them

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@paulbalandan @michalsn @samsonasik @ddevsr

Comments