On 18.01.2023 at 16:26, Claude Pache <claude.pa...@gmail.com> wrote:
>> On 18 Jan 2023 at 16:20, Derick Rethans <der...@php.net> wrote:
>> 
>> if (version_compare(phpversion(), "8.4.0", ">")) {
>>     setcookie("test", "value", samesite: SameSite::Stricter);
>> } else {
>>     setcookie("test", "value", samesite: SameSite::Strict);
>> }
> 
> Or even, replace `version_compare(...)` with `SameSite::tryFrom(...) !== null`:
> setcookie("test", "value", samesite: SameSite::tryFrom('Stricter') ?? SameSite::Strict);

Thanks for your replies, I like the second option as it is a feature instead of 
a version check.

Now my only itch is that the support for SameSite=Stricter is actually 
depending on the browser, not the server, so assuming all browsers are already 
supporting this new mode, I should not send a less strict mode just because I'm 
using an old PHP version. This is currently possible since setcookie() does not 
validate the content of the samesite options.
But as this is somewhat of a special case (most function options do not depend 
on something external) and you seem to be confident that the list of SameSite 
options will not change any time soon I'll shut up now :-)

Regards,
- Chris

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
