rfc:same-site-parameter
Differences
This shows you the differences between two versions of the page.
rfc:same-site-parameter [2022/12/02 02:32] – Created first draft girgias | rfc:same-site-parameter [2023/01/15 00:53] (current) – Fix typos theodorejb | ||
---|---|---|---|
Line 6: | Line 6: | ||
* Status: Under Discussion | * Status: Under Discussion | ||
* Target Version: PHP 8.3 | * Target Version: PHP 8.3 | ||
- | * Implementation: | + | * Implementation: |
* First Published at: [[http:// | * First Published at: [[http:// | ||
Line 12: | Line 12: | ||
The support for the SameSite cookie attribute has been added in PHP 7.3. | The support for the SameSite cookie attribute has been added in PHP 7.3. | ||
- | However, it can only be set by passing an array of options with the ''" | + | However, it can only be set by passing an array of options with the ''" |
This RFC proposes to add a SameSite parameter to all relevant functions. | This RFC proposes to add a SameSite parameter to all relevant functions. | ||
Line 18: | Line 18: | ||
==== Background and Motivation ==== | ==== Background and Motivation ==== | ||
- | Support for the SameSite attribute was added in https:// | + | Support for the SameSite attribute was added in the [[rfc:same-site-cookie|Same Site Cookie]] RFC, the vote was split between two implementations, |
The proposal to add a SameSite parameter was unanimously declined, however, we believe this proposal should be revisited as PHP has changed and gained additional capabilities since version 7.3. | The proposal to add a SameSite parameter was unanimously declined, however, we believe this proposal should be revisited as PHP has changed and gained additional capabilities since version 7.3. | ||
Line 29: | Line 29: | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | The proposal consists of two part. | + | The proposal consists of two parts. |
First, add the following enumeration: | First, add the following enumeration: | ||
Line 40: | Line 40: | ||
</ | </ | ||
- | Which contains the 3 valid values for the SameSite attribute https:// | + | Which contains the 3 valid values for the SameSite attribute |
Secondly, add a < | Secondly, add a < | ||
- | * < | + | * < |
- | * < | + | * < |
- | * < | + | * < |
Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised. | Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised. | ||
- | This behaviour aligns | + | This behaviour aligns |
+ | < | ||
+ | 19. If the cookie' | ||
+ | </ | ||
==== Implementation details ==== | ==== Implementation details ==== | ||
- | Currently, if an invalid or no SameSite attribute is set, the Set-Cookie header is emit without | + | Currently, if no SameSite attribute is set, the Set-Cookie header is emitted |
As it is recommended to set this attribute, we align the default value with the draft internet standard. | As it is recommended to set this attribute, we align the default value with the draft internet standard. | ||
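Review bot: on the first line under "Implementation details", the new revision drops "an invalid or" from "if an invalid or no SameSite attribute is set", so the section no longer says what happens today when an invalid SameSite value is supplied. Either restore that case or add one sentence saying how an invalid value is handled now and under this proposal. The next line also says the default is aligned with the draft standard; name the resulting default value explicitly there so readers do not have to infer which of the three enum cases is emitted.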
Line 64: | Line 67: | ||
This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle. | This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle. | ||
- | In PHP 9, the < | + | In PHP 9, the < |
===== Proposed PHP Version ===== | ===== Proposed PHP Version ===== | ||
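Review bot: the first line of this hunk, "This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle", needs to be reconciled with the Implementation details section, which describes how the Set-Cookie header is emitted today when no SameSite attribute is set and then says the default value is being aligned with the draft standard. If that alignment changes the emitted header for callers who pass no SameSite value, it is a behaviour change for existing applications (cross-site flows that depend on the cookie being sent) and should be listed here, even if only as a note on which call forms are affected. If existing call forms keep emitting the header unchanged, say so in this section.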
Line 74: | Line 77: | ||
As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted. | As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted. | ||
- | Voting started on 2022-XX-XX and will end on 2022-XX-XX. | + | Voting started on 2023-XX-XX and will end on 2023-XX-XX. |
<doodle title=" | <doodle title=" | ||
* Yes | * Yes | ||
Line 82: | Line 85: | ||
===== Implementation ===== | ===== Implementation ===== | ||
- | GitHub pull request: https:// | + | GitHub pull request: https:// |
After the project is implemented, | After the project is implemented, |
rfc/same-site-parameter.1669948375.txt.gz · Last modified: 2022/12/02 02:32 by girgias