rfc:same-site-parameter

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:same-site-parameter [2022/12/02 10:54] – Some rewording girgiasrfc:same-site-parameter [2023/01/14 15:11] – PR link girgias
Line 6: Line 6:
   * Status: Under Discussion   * Status: Under Discussion
   * Target Version: PHP 8.3   * Target Version: PHP 8.3
-  * Implementation: [[https://github.com/php/php-src/pull/7546]]+  * Implementation: [[https://github.com/php/php-src/pull/10317]]
   * First Published at: [[http://wiki.php.net/rfc/same-site-parameter]]   * First Published at: [[http://wiki.php.net/rfc/same-site-parameter]]
  
Line 49: Line 49:
    
 Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised. Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised.
-This behaviour aligns will REFERENCE TO RFC 6265bis (or other) SECTION+This behaviour aligns with section 5.6.19 of the [[https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/|Draft IETF RFC 6265bis]]: 
 +<blockquote> 
 +19.  If the cookie's "same-site-flag" is "None", abort these steps and ignore the cookie entirely unless the cookie's secure-only-flag is true. 
 +</blockquote>
  
 ==== Implementation details ==== ==== Implementation details ====
Line 64: Line 67:
 This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle. This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle.
  
-In PHP 9, the <php>SameSite $sameSite = SameSite::Lax</php> value will be enforced. Meaning every cookie header set via the relevant function will contain the ''SameSite=Lax'' attribute.+In PHP 9, the <php>SameSite $sameSite = SameSite::Lax</php> value will be enforced. Meaningevery cookie header set via the relevant function will contain the ''SameSite=Lax'' attribute.
  
 ===== Proposed PHP Version ===== ===== Proposed PHP Version =====
Line 74: Line 77:
 As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted. As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted.
  
-Voting started on 2022-XX-XX and will end on 2022-XX-XX.+Voting started on 2023-XX-XX and will end on 2023-XX-XX.
 <doodle title="Accept Add SameSite cookie attribute parameter RFC?" auth="girgias" voteType="single" closed="true"> <doodle title="Accept Add SameSite cookie attribute parameter RFC?" auth="girgias" voteType="single" closed="true">
    * Yes    * Yes
Line 82: Line 85:
 ===== Implementation ===== ===== Implementation =====
  
-GitHub pull request: https://github.com/php/php-src/pull/XXXX+GitHub pull request: https://github.com/php/php-src/pull/10317
  
 After the project is implemented, this section should contain After the project is implemented, this section should contain
rfc/same-site-parameter.txt · Last modified: 2023/01/15 00:53 by theodorejb

Page Tools