add support for secure cookies
sergix44 committed Jul 31, 2021
1 parent 8402083 commit ab1409e
Showing 3 changed files with 23 additions and 12 deletions.
3 changes: 2 additions & 1 deletion app/Web/Session.php
Expand Up @@ -28,7 +28,7 @@ public function __construct(string $name, $path = '')
$params['lifetime'],
$params['path'].'; SameSite=Strict',
$params['domain'],
$params['secure'],
isSecure(),
$params['httponly']
);
}
Expand All @@ -39,6 +39,7 @@ public function __construct(string $name, $path = '')
'cookie_httponly' => true,
'gc_probability' => 25,
'cookie_samesite' => 'Strict', // works only for php >= 7.3
'cookie_secure' => isSecure(),
]);

if (!$started) {
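Review bot: Passing `isSecure()` as the secure argument appears to replace `$params['secure']`, so a deployment that sets `session.cookie_secure` in php.ini now has that setting overridden by request-time detection. Behind a TLS-terminating reverse proxy `$_SERVER['HTTPS']` is normally unset, in which case the session cookie would be issued without the Secure flag even though the operator asked for it. I would only ever strengthen the flag, e.g. `$params['secure'] || isSecure(),` here, and apply the same rule to the `'cookie_secure'` entry in the second hunk. The constructor body starts and ends outside the visible hunks, so where `$params` comes from is inferred.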
18 changes: 14 additions & 4 deletions app/helpers.php
Expand Up @@ -93,13 +93,13 @@ function stringToBytes(string $str): float
switch ($last) {
case 't':
$val *= 1024;
// no break
// no break
case 'g':
$val *= 1024;
// no break
// no break
case 'm':
$val *= 1024;
// no break
// no break
case 'k':
$val *= 1024;
}
Expand Down Expand Up @@ -528,7 +528,7 @@ function must_be_escaped($mime): bool
{
$mimes = [
'text/htm',
'image/svg'
'image/svg',
];

foreach ($mimes as $m) {
Expand All @@ -540,3 +540,13 @@ function must_be_escaped($mime): bool
return false;
}
}

if (!function_exists('isSecure')) {
/**
* @return bool
*/
function isSecure(): bool
{
return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] === 443;
}
}
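Review bot: In `isSecure()` the port check `$_SERVER['SERVER_PORT'] === 443` compares against an integer, but web SAPIs normally populate `$_SERVER` with strings, so this branch is likely never true. It also reads the key without checking that it exists, which raises a warning on PHP 8 when the key is missing, for example under the CLI. I would write it as `|| (string) ($_SERVER['SERVER_PORT'] ?? '') === '443'`. The docblock only restates the return type; a line such as `Whether the current request reached PHP over HTTPS (proxy-forwarded schemes are not considered).` would tell callers that a TLS-terminating proxy makes this return false, which matters because the session cookie's Secure flag now depends on it.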
14 changes: 7 additions & 7 deletions bootstrap/app.php
Expand Up @@ -10,25 +10,25 @@
use App\Web\View;
use DI\Bridge\Slim\Bridge;
use DI\ContainerBuilder;
use function DI\factory;
use function DI\get;
use Psr\Container\ContainerInterface as Container;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use function DI\factory;
use function DI\get;

if (!file_exists(CONFIG_FILE) && is_dir(BASE_DIR.'install/')) {
header('Location: ./install/');
exit();
} else {
if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
exit('Cannot find the config file.');
}
}

if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
exit('Cannot find the config file.');
}

// Load the config
$config = array_replace_recursive([
'app_name' => 'XBackBone',
'base_url' => isset($_SERVER['HTTPS']) ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
'base_url' => isSecure() ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
'debug' => false,
'maintenance' => false,
'db' => [
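Review bot: The default `base_url` on the changed line is still assembled from `$_SERVER['HTTP_HOST']`, which the client supplies, so when the config file does not set `base_url` any link or redirect built from it follows whatever Host header was sent. The scheme half has the matching weakness: `isSecure()` as added in app/helpers.php does not look at proxy-forwarded scheme information, so behind a TLS-terminating proxy the default becomes `http://…`. A comment on that entry such as `// fallback only; set base_url in the config file when behind a proxy or serving multiple hosts` would make the expectation explicit. The `array_replace_recursive` call continues past the hunk, so whether the config file always overrides this default is not visible here.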
