add support for secure cookies

Sergio Brighenti 2021-07-31 12:55:56 +02:00
parent 84020830ca
commit ab1409e108
3 changed files with 23 additions and 12 deletions


@ -28,7 +28,7 @@ class Session
$params['lifetime'],
$params['path'].'; SameSite=Strict',
$params['domain'],
$params['secure'],
isSecure(),
$params['httponly']
);
}
@ -39,6 +39,7 @@ class Session
'cookie_httponly' => true,
'gc_probability' => 25,
'cookie_samesite' => 'Strict', // works only for php >= 7.3
'cookie_secure' => isSecure(),
]);
if (!$started) {
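Review bot: The Secure flag at `isSecure(),` (the setcookie argument) and at `'cookie_secure' => isSecure(),` is derived only from the request-local `$_SERVER['HTTPS']` / `SERVER_PORT` values, so when TLS is terminated by a reverse proxy or load balancer the backend sees plain HTTP and the session cookie is issued without Secure even though the client is on HTTPS. A deployment-level override would make this robust: keep the auto-detection as the default but let the operator force the flag, e.g. `'cookie_secure' => $config['force_secure_cookie'] ?? isSecure(),` (config key name is a constructed example, not one the page defines). The first hunk's `setcookie(...)` call also looks redundant with the session option: if that call runs after `session_start()` with these options, `$params['secure']` from `session_get_cookie_params()` already carries the same value — worth confirming, since the method holding that call starts outside the hunk.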


@ -93,13 +93,13 @@ if (!function_exists('stringToBytes')) {
switch ($last) {
case 't':
$val *= 1024;
// no break
// no break
case 'g':
$val *= 1024;
// no break
// no break
case 'm':
$val *= 1024;
// no break
// no break
case 'k':
$val *= 1024;
}
@ -528,7 +528,7 @@ if (!function_exists('must_be_escaped')) {
{
$mimes = [
'text/htm',
'image/svg'
'image/svg',
];
foreach ($mimes as $m) {
@ -540,3 +540,13 @@ if (!function_exists('must_be_escaped')) {
return false;
}
}
if (!function_exists('isSecure')) {
/**
* @return bool
*/
function isSecure(): bool
{
return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] === 443;
}
}
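Review bot: The port fallback in `isSecure()` can never be true: `$_SERVER['SERVER_PORT']` is a string in PHP (e.g. `"443"`), so the strict comparison `$_SERVER['SERVER_PORT'] === 443` always yields false, and when the key is absent (CLI, some SAPIs) the access also raises an undefined-index notice. Casting and defaulting fixes both: `return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (int) ($_SERVER['SERVER_PORT'] ?? 0) === 443;`. Since this helper now decides whether cookies get the Secure attribute and which scheme `base_url` defaults to, it would help to document in the docblock that it reflects only the connection the PHP process sees, not a TLS-terminating proxy in front of it; the `@return bool` line merely restates the native return type and could carry that sentence instead.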


@ -10,25 +10,25 @@ use App\Web\Session;
use App\Web\View;
use DI\Bridge\Slim\Bridge;
use DI\ContainerBuilder;
use function DI\factory;
use function DI\get;
use Psr\Container\ContainerInterface as Container;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use function DI\factory;
use function DI\get;
if (!file_exists(CONFIG_FILE) && is_dir(BASE_DIR.'install/')) {
header('Location: ./install/');
exit();
} else {
if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
exit('Cannot find the config file.');
}
}
if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
exit('Cannot find the config file.');
}
// Load the config
$config = array_replace_recursive([
'app_name' => 'XBackBone',
'base_url' => isset($_SERVER['HTTPS']) ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
'base_url' => isSecure() ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
'debug' => false,
'maintenance' => false,
'db' => [