fixes case sensitivity for SameSite directive

CHANGELOG.md

@@ -44,7 +44,7 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- Nothing.
+- [#207](https://github.com/zendframework/zend-http/pull/207) fixes case sensitivity for SameSite directive.
 
 ## 2.11.1 - 2019-12-04
 

src/Header/SetCookie.php

@@ -39,9 +39,9 @@ class SetCookie implements MultipleHeaderInterface
      * @internal
      */
     const SAME_SITE_ALLOWED_VALUES = [
-        self::SAME_SITE_STRICT,
-        self::SAME_SITE_LAX,
-        self::SAME_SITE_NONE,
+        'strict' => self::SAME_SITE_STRICT,
+        'lax' => self::SAME_SITE_LAX,
+        'none' => self::SAME_SITE_NONE
     ];
 
     /**
@@ -337,7 +337,7 @@ public function getFieldValue()
         }
 
         $sameSite = $this->getSameSite();
-        if ($sameSite !== null && in_array($sameSite, self::SAME_SITE_ALLOWED_VALUES, true)) {
+        if ($sameSite !== null && array_key_exists(strtolower($sameSite), self::SAME_SITE_ALLOWED_VALUES)) {
             $fieldValue .= '; SameSite=' . $sameSite;
         }
 
@@ -618,13 +618,18 @@ public function getSameSite()
      */
     public function setSameSite($sameSite)
     {
-        if ($sameSite !== null && ! in_array($sameSite, self::SAME_SITE_ALLOWED_VALUES, true)) {
-            throw new Exception\InvalidArgumentException(sprintf(
-                'Invalid value provided for SameSite directive: "%s"; expected one of: Strict, Lax or None',
-                is_scalar($sameSite) ? $sameSite : gettype($sameSite)
-            ));
+        if ($sameSite !== null) {
+            if (array_key_exists(strtolower($sameSite), self::SAME_SITE_ALLOWED_VALUES)) {
+                $this->sameSite = self::SAME_SITE_ALLOWED_VALUES[strtolower($sameSite)];
+            } else {
+                throw new Exception\InvalidArgumentException(sprintf(
+                    'Invalid value provided for SameSite directive: "%s"; expected one of: Strict, Lax or None',
+                    is_scalar($sameSite) ? $sameSite : gettype($sameSite)
+                ));
+            }
+        } else {
+            $this->sameSite = $sameSite;
         }
-        $this->sameSite = $sameSite;
         return $this;
     }
 

test/Header/SetCookieTest.php

@@ -69,6 +69,32 @@ public function testSetCookieConstructorWithSameSite()
         $this->assertEquals('Strict', $setCookieHeader->getSameSite());
     }
 
+    public function testSetCookieConstructorWithSameSiteCaseInsensitive()
+    {
+        $setCookieHeader = new SetCookie(
+            'myname',
+            'myvalue',
+            'Wed, 13-Jan-2021 22:23:01 GMT',
+            '/accounts',
+            'docs.foo.com',
+            true,
+            true,
+            99,
+            9,
+            strtolower(SetCookie::SAME_SITE_STRICT)
+        );
+        $this->assertEquals('myname', $setCookieHeader->getName());
+        $this->assertEquals('myvalue', $setCookieHeader->getValue());
+        $this->assertEquals('Wed, 13-Jan-2021 22:23:01 GMT', $setCookieHeader->getExpires());
+        $this->assertEquals('/accounts', $setCookieHeader->getPath());
+        $this->assertEquals('docs.foo.com', $setCookieHeader->getDomain());
+        $this->assertTrue($setCookieHeader->isSecure());
+        $this->assertTrue($setCookieHeader->isHttpOnly());
+        $this->assertEquals(99, $setCookieHeader->getMaxAge());
+        $this->assertEquals(9, $setCookieHeader->getVersion());
+        $this->assertEquals(SetCookie::SAME_SITE_STRICT, $setCookieHeader->getSameSite());
+    }
+
     public function testSetCookieWithInvalidSameSiteValueThrowException()
     {
         $this->expectException(InvalidArgumentException::class);
@@ -161,6 +187,39 @@ public function testSetCookieFromStringCanCreateSingleHeader()
         $this->assertTrue($setCookieHeader->isSecure());
         $this->assertTrue($setCookieHeader->isHttponly());
         $this->assertEquals(setCookie::SAME_SITE_STRICT, $setCookieHeader->getSameSite());
+
+        $setCookieHeader = SetCookie::fromString(
+            'set-cookie: myname=myvalue; Domain=docs.foo.com; Path=/accounts;'
+            . 'Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly; SameSite=strict'
+        );
+        $this->assertInstanceOf(MultipleHeaderInterface::class, $setCookieHeader);
+        $this->assertEquals('myname', $setCookieHeader->getName());
+        $this->assertEquals('myvalue', $setCookieHeader->getValue());
+        $this->assertEquals('docs.foo.com', $setCookieHeader->getDomain());
+        $this->assertEquals('/accounts', $setCookieHeader->getPath());
+        $this->assertEquals('Wed, 13-Jan-2021 22:23:01 GMT', $setCookieHeader->getExpires());
+        $this->assertTrue($setCookieHeader->isSecure());
+        $this->assertTrue($setCookieHeader->isHttponly());
+        $this->assertEquals(setCookie::SAME_SITE_STRICT, $setCookieHeader->getSameSite());
+    }
+
+    public function testFieldValueWithSameSiteCaseInsensitive()
+    {
+        $setCookieHeader = SetCookie::fromString(
+            'set-cookie: myname=myvalue; SameSite=Strict'
+        );
+        $this->assertEquals(
+            'myname=myvalue; SameSite=Strict',
+            $setCookieHeader->getFieldValue()
+        );
+
+        $setCookieHeader = SetCookie::fromString(
+            'set-cookie: myname=myvalue; SameSite=strict'
+        );
+        $this->assertEquals(
+            'myname=myvalue; SameSite=Strict',
+            $setCookieHeader->getFieldValue()
+        );
     }
 
     public function testSetCookieFromStringCanCreateMultipleHeaders()