diff --git a/app/Config/App.php b/app/Config/App.php
index 82e27e3918f888d6c45d549c2775caebd1ff51ce..134dab1789ca80dce3c91e6713e5ddcdcc006664 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -216,6 +216,85 @@ class App extends BaseConfig
*/
public bool $sessionRegenerateDestroy = false;
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie Prefix
+ * --------------------------------------------------------------------------
+ *
+ * Set a cookie name prefix if you need to avoid collisions.
+ *
+ * @deprecated use Config\Cookie::$prefix property instead.
+ */
+ public string $cookiePrefix = '';
+
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie Domain
+ * --------------------------------------------------------------------------
+ *
+ * Set to `.your-domain.com` for site-wide cookies.
+ *
+ * @deprecated use Config\Cookie::$domain property instead.
+ */
+ public string $cookieDomain = '';
+
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie Path
+ * --------------------------------------------------------------------------
+ *
+ * Typically will be a forward slash.
+ *
+ * @deprecated use Config\Cookie::$path property instead.
+ */
+ public string $cookiePath = '/';
+
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie Secure
+ * --------------------------------------------------------------------------
+ *
+ * Cookie will only be set if a secure HTTPS connection exists.
+ *
+ * @deprecated use Config\Cookie::$secure property instead.
+ */
+ public bool $cookieSecure = false;
+
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie HttpOnly
+ * --------------------------------------------------------------------------
+ *
+ * Cookie will only be accessible via HTTP(S) (no JavaScript).
+ *
+ * @deprecated use Config\Cookie::$httponly property instead.
+ */
+ public bool $cookieHTTPOnly = true;
+
+ /**
+ * --------------------------------------------------------------------------
+ * Cookie SameSite
+ * --------------------------------------------------------------------------
+ *
+ * Configure cookie SameSite setting. Allowed values are:
+ * - None
+ * - Lax
+ * - Strict
+ * - ''
+ *
+ * Alternatively, you can use the constant names:
+ * - `Cookie::SAMESITE_NONE`
+ * - `Cookie::SAMESITE_LAX`
+ * - `Cookie::SAMESITE_STRICT`
+ *
+ * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
+ * (empty string) means default SameSite attribute set by browsers (`Lax`)
+ * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
+ *
+ * @deprecated use Config\Cookie::$samesite property instead.
+ */
+ public string $cookieSameSite = 'Lax';
+
/**
* --------------------------------------------------------------------------
* Reverse Proxy IPs
@@ -236,6 +315,91 @@ class App extends BaseConfig
*/
public string | array $proxyIPs = '';
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Token Name
+ * --------------------------------------------------------------------------
+ *
+ * The token name.
+ *
+ * @deprecated Use `Config\Security` $tokenName property instead of using this property.
+ */
+ public string $CSRFTokenName = 'csrf_test_name';
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Header Name
+ * --------------------------------------------------------------------------
+ *
+ * The header name.
+ *
+ * @deprecated Use `Config\Security` $headerName property instead of using this property.
+ */
+ public string $CSRFHeaderName = 'X-CSRF-TOKEN';
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Cookie Name
+ * --------------------------------------------------------------------------
+ *
+ * The cookie name.
+ *
+ * @deprecated Use `Config\Security` $cookieName property instead of using this property.
+ */
+ public string $CSRFCookieName = 'csrf_cookie_name';
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Expire
+ * --------------------------------------------------------------------------
+ *
+ * The number in seconds the token should expire.
+ *
+ * @deprecated Use `Config\Security` $expire property instead of using this property.
+ */
+ public int $CSRFExpire = 7200;
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Regenerate
+ * --------------------------------------------------------------------------
+ *
+ * Regenerate token on every submission?
+ *
+ * @deprecated Use `Config\Security` $regenerate property instead of using this property.
+ */
+ public bool $CSRFRegenerate = true;
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF Redirect
+ * --------------------------------------------------------------------------
+ *
+ * Redirect to previous page with error on failure?
+ *
+ * @deprecated Use `Config\Security` $redirect property instead of using this property.
+ */
+ public bool $CSRFRedirect = true;
+
+ /**
+ * --------------------------------------------------------------------------
+ * CSRF SameSite
+ * --------------------------------------------------------------------------
+ *
+ * Setting for CSRF SameSite cookie token. Allowed values are:
+ * - None
+ * - Lax
+ * - Strict
+ * - ''
+ *
+ * Defaults to `Lax` as recommended in this link:
+ *
+ * @see https://portswigger.net/web-security/csrf/samesite-cookies
+ *
+ * @deprecated Use `Config\Security` $samesite property instead of using this property.
+ */
+ public string $CSRFSameSite = 'Lax';
+
/**
* --------------------------------------------------------------------------
* Content Security Policy