rfc:same-site-parameter

rfc:same-site-parameter [2022/12/02 10:54] – Some rewording girgias
rfc:same-site-parameter [2023/01/15 00:53] (current) – Fix typos theodorejb
Line 6: Line 6:
   * Status: Under Discussion   * Status: Under Discussion
   * Target Version: PHP 8.3   * Target Version: PHP 8.3
-  * Implementation: [[https://github.com/php/php-src/pull/7546]]+  * Implementation: [[https://github.com/php/php-src/pull/10317]]
   * First Published at: [[http://wiki.php.net/rfc/same-site-parameter]]   * First Published at: [[http://wiki.php.net/rfc/same-site-parameter]]
  
Line 12: Line 12:
  
 The support for the SameSite cookie attribute has been added in PHP 7.3. The support for the SameSite cookie attribute has been added in PHP 7.3.
-However, it can only be set by passing an array of options with the ''"samesite"'' key defied to the chosen value, this contrasts with all the other attributes.+However, it can only be set by passing an array of options with the ''"samesite"'' key defined to the chosen value, this contrasts with all the other attributes.
  
 This RFC proposes to add a SameSite parameter to all relevant functions. This RFC proposes to add a SameSite parameter to all relevant functions.
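Review bot: The corrected + line still contains a comma splice at ", this contrasts with all the other attributes", and "key defined to the chosen value" reads awkwardly. Suggest "with the ''"samesite"'' key set to the chosen value, which contrasts with how all the other attributes are set."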
Line 29: Line 29:
 ===== Proposal ===== ===== Proposal =====
  
-The proposal consists of two part.+The proposal consists of two parts.
 First, add the following enumeration: First, add the following enumeration:
  
Line 49: Line 49:
    
 Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised. Moreover, if attempting to set the SameSite attribute to None, the Secure attribute must be set, otherwise a ValueError will be raised.
-This behaviour aligns will REFERENCE TO RFC 6265bis (or other) SECTION+This behaviour aligns with section 5.6.19 of the [[https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/|Draft IETF RFC 6265bis]]: 
 +<blockquote> 
 +19.  If the cookie's "same-site-flag" is "None", abort these steps and ignore the cookie entirely unless the cookie's secure-only-flag is true. 
 +</blockquote>
  
 ==== Implementation details ==== ==== Implementation details ====
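Review bot: The citation on the first + line says "section 5.6.19", but the quoted text is numbered "19.", which reads as a step of an algorithm rather than a section of its own. Cite it as that step of the section it belongs to, and pin the draft revision, because the link points at the unversioned draft and its numbering can shift between revisions. The quoted step describes the cookie being ignored, while the context line above says a ValueError will be raised, so one sentence saying that the function rejects up front what would otherwise be discarded would make "aligns with" precise.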
Line 64: Line 67:
 This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle. This RFC does not contain any backwards incompatible changes for the PHP 8 major release cycle.
  
-In PHP 9, the <php>SameSite $sameSite = SameSite::Lax</php> value will be enforced. Meaning every cookie header set via the relevant function will contain the ''SameSite=Lax'' attribute.+In PHP 9, the <php>SameSite $sameSite = SameSite::Lax</php> value will be enforced. Meaningevery cookie header set via the relevant function will contain the ''SameSite=Lax'' attribute.
  
 ===== Proposed PHP Version ===== ===== Proposed PHP Version =====
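Review bot: The + line loses the space between "Meaning" and "every" ("Meaningevery cookie header"), so this revision introduces a typo here instead of fixing one. Restoring the space still leaves a sentence fragment; joining it to the previous sentence ("will be enforced, meaning every cookie header ...") fixes both. The context line above says there are no backwards incompatible changes for the PHP 8 release cycle, so it would help to state explicitly that the PHP 9 default is a behaviour change for code that sets cookies without the attribute.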
Line 74: Line 77:
 As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted. As per the voting RFC a yes/no vote with a 2/3 majority is needed for this proposal to be accepted.
  
-Voting started on 2022-XX-XX and will end on 2022-XX-XX.+Voting started on 2023-XX-XX and will end on 2023-XX-XX.
 <doodle title="Accept Add SameSite cookie attribute parameter RFC?" auth="girgias" voteType="single" closed="true"> <doodle title="Accept Add SameSite cookie attribute parameter RFC?" auth="girgias" voteType="single" closed="true">
    * Yes    * Yes
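Review bot: The + line only moves the placeholder year from 2022 to 2023, so the voting dates are still "XX-XX", and "Voting started" is in the past tense while the Status line of this revision says Under Discussion. Suggest wording this as a future vote until real dates are filled in, and confirming that closed="true" on the doodle context line gets flipped when voting opens.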
Line 82: Line 85:
 ===== Implementation ===== ===== Implementation =====
  
-GitHub pull request: https://github.com/php/php-src/pull/XXXX+GitHub pull request: https://github.com/php/php-src/pull/10317
  
 After the project is implemented, this section should contain After the project is implemented, this section should contain
rfc/same-site-parameter.1669978469.txt.gz · Last modified: 2022/12/02 10:54 by girgias