Merge pull request #3042 from arneee/patch-1

Allow "none" as SameSite value in cookies
slimphp · Mar 2, 2021 · 5850aae · 5850aae
2 parents 5ca71b9 + 54d9ef3
commit 5850aae
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Slim/Http/Cookies.php b/Slim/Http/Cookies.php
@@ -135,7 +135,8 @@ protected function toHeader($name, array $properties)
             $result .= '; HttpOnly';
         }
 
-        if (isset($properties['samesite']) && in_array(strtolower($properties['samesite']), ['lax', 'strict'], true)) {
+        if (isset($properties['samesite'])
+            && in_array(strtolower($properties['samesite']), ['lax', 'strict', 'none'], true)) {
             // While strtolower is needed for correct comparison, the RFC doesn't care about case
             $result .= '; SameSite=' . $properties['samesite'];
         }