Merge pull request #5 from dorantor/master

Added SameSite support for cookies.

Author: dracony

src/PHPixie/HTTP/Builder.php

@@ -137,13 +137,14 @@ public function sapiSession()
 
     /**
      * Build a single cookie update
-     * @param            $name
-     * @param            $value
-     * @param null       $expires
-     * @param string     $path
-     * @param null       $domain
-     * @param bool       $secure
-     * @param bool       $httpOnly
+     * @param string      $name
+     * @param mixed       $value
+     * @param int|null    $expires
+     * @param string      $path
+     * @param string|null $domain
+     * @param bool        $secure
+     * @param bool        $httpOnly
+     * @param string|null $sameSite
      * @return Context\Cookies\Update
      */
     public function cookiesUpdate(
@@ -153,7 +154,8 @@ public function cookiesUpdate(
         $path = '/',
         $domain = null,
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     )
     {
         return new Context\Cookies\Update(
@@ -163,8 +165,9 @@ public function cookiesUpdate(
             $path,
             $domain,
             $secure,
-            $httpOnly
-        );    
+            $httpOnly,
+            $sameSite
+        );
     }
 
     /**
@@ -187,7 +190,7 @@ protected function instance($name)
             $method = 'build'.ucfirst($name);
             $this->instances[$name] = $this->$method();
         }
-        
+
         return $this->instances[$name];
     }
 
@@ -214,4 +217,4 @@ protected function buildOutput()
     {
         return new Output();
     }
-}
+}

src/PHPixie/HTTP/Context/Cookies.php

@@ -42,10 +42,10 @@ public function __construct($builder, $cookies = array())
      */
     public function get($name, $default = null)
     {
-        if($this->exists($name)) {
+        if ($this->exists($name)) {
             return $this->cookies[$name];
         }
-        
+
         return $default;
     }
 
@@ -57,24 +57,25 @@ public function get($name, $default = null)
      */
     public function getRequired($name)
     {
-        if($this->exists($name)) {
+        if ($this->exists($name)) {
             return $this->cookies[$name];
         }
-        
+
         throw new \PHPixie\HTTP\Exception("Cookie '$name' is not set");
     }
 
     /**
      * Set cookie
      *
      * See the PHP setcookie() function for more details
-     * @param string $name
-     * @param mixed $value
-     * @param int|null $lifetime
-     * @param string|null $path
+     * @param string      $name
+     * @param mixed       $value
+     * @param int|null    $lifetime
+     * @param string      $path
      * @param string|null $domain
-     * @param boolean $secure
-     * @param bool $httpOnly
+     * @param bool        $secure
+     * @param bool        $httpOnly
+     * @param string|null $sameSite
      * @return void
      */
     public function set(
@@ -84,31 +85,31 @@ public function set(
         $path = '/',
         $domain = null,
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     )
     {
-        if($lifetime !== null) {
+        if ($lifetime !== null) {
             $expires = time() + $lifetime;
-            
-        }else{
+        } else {
             $expires = null;
         }
-        
-        if($lifetime < 0) {
+
+        if ($lifetime < 0) {
             unset($this->cookies[$name]);
-            
-        }else {
-            $this->cookies[$name] = $value;            
+        } else {
+            $this->cookies[$name] = $value;
         }
-        
+
         $this->updates[$name] = $this->builder->cookiesUpdate(
             $name,
             $value,
             $expires,
             $path,
             $domain,
             $secure,
-            $httpOnly
+            $httpOnly,
+            $sameSite
         );
     }
 
@@ -149,4 +150,4 @@ public function asArray()
     {
         return $this->cookies;
     }
-}
+}

src/PHPixie/HTTP/Context/Cookies/Update.php

@@ -42,15 +42,21 @@ class Update {
      */
     protected $httpOnly;
 
+    /**
+     * @var string|null
+     */
+    protected $sameSite;
+
     /**
      * Constructor
-     * @param string $name
-     * @param mixed $value
-     * @param int|null $expires
-     * @param string $path
+     * @param string      $name
+     * @param mixed       $value
+     * @param int|null    $expires
+     * @param string      $path
      * @param string|null $domain
-     * @param bool $secure
-     * @param bool $httpOnly
+     * @param bool        $secure
+     * @param bool        $httpOnly
+     * @param string|null $sameSite
      */
     public function __construct(
         $name,
@@ -59,7 +65,8 @@ public function __construct(
         $path = '/',
         $domain = null,
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     )
     {
         $this->name     = $name;
@@ -69,6 +76,7 @@ public function __construct(
         $this->domain   = $domain;
         $this->secure   = $secure;
         $this->httpOnly = $httpOnly;
+        $this->sameSite = in_array(strtolower($sameSite), ['lax', 'strict', 'none']) ? $sameSite : null;
     }
 
     /**
@@ -134,34 +142,47 @@ public function httpOnly()
         return $this->httpOnly;
     }
 
+    /**
+     * Same site "flag"
+     * @return null|string
+     */
+    public function sameSite()
+    {
+        return $this->sameSite;
+    }
+
     /**
      * Get header representation
      * @return string
      */
     public function asHeader()
     {
-        $header = urlencode($this->name).'='.urlencode((string) $this->value);
-        
-        if($this->domain !== null) {
-            $header.= '; domain='.$this->domain;
+        $header = urlencode($this->name) . '=' . urlencode((string) $this->value);
+
+        if ($this->domain !== null) {
+            $header .= '; domain=' . $this->domain;
         }
-        
-        if($this->path !== null) {
-            $header.= '; path='.$this->path;
+
+        if ($this->path !== null) {
+            $header .= '; path=' . $this->path;
         }
-        
-        if($this->expires !== null) {
-            $header.= '; expires=' . gmdate('D, d-M-Y H:i:s e', $this->expires);
+
+        if ($this->expires !== null) {
+            $header .= '; expires=' . gmdate('D, d-M-Y H:i:s e', $this->expires);
         }
-        
-        if($this->secure) {
-            $header.= '; secure';
+
+        if ($this->secure) {
+            $header .= '; secure';
         }
-        
-        if($this->httpOnly) {
-            $header.= '; HttpOnly';
+
+        if ($this->httpOnly) {
+            $header .= '; HttpOnly';
+        }
+
+        if ($this->sameSite) {
+            $header .= '; SameSite=' . $this->sameSite;
         }
-        
+
         return $header;
     }
-}
+}