From 433745f194c73407999b207090478563283876a5 Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Tue, 25 May 2021 11:02:56 +0000
Subject: [PATCH] revert: set deprecated config options back in App config

---
 app/Config/App.php | 164 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 164 insertions(+)

diff --git a/app/Config/App.php b/app/Config/App.php
index 82e27e3918..134dab1789 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -216,6 +216,85 @@ class App extends BaseConfig
      */
     public bool $sessionRegenerateDestroy = false;
 
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Prefix
+     * --------------------------------------------------------------------------
+     *
+     * Set a cookie name prefix if you need to avoid collisions.
+     *
+     * @deprecated use Config\Cookie::$prefix property instead.
+     */
+    public string $cookiePrefix = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Domain
+     * --------------------------------------------------------------------------
+     *
+     * Set to `.your-domain.com` for site-wide cookies.
+     *
+     * @deprecated use Config\Cookie::$domain property instead.
+     */
+    public string $cookieDomain = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Path
+     * --------------------------------------------------------------------------
+     *
+     * Typically will be a forward slash.
+     *
+     * @deprecated use Config\Cookie::$path property instead.
+     */
+    public string $cookiePath = '/';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Secure
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be set if a secure HTTPS connection exists.
+     *
+     * @deprecated use Config\Cookie::$secure property instead.
+     */
+    public bool $cookieSecure = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie HttpOnly
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be accessible via HTTP(S) (no JavaScript).
+     *
+     * @deprecated use Config\Cookie::$httponly property instead.
+     */
+    public bool $cookieHTTPOnly = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie SameSite
+     * --------------------------------------------------------------------------
+     *
+     * Configure cookie SameSite setting. Allowed values are:
+     * - None
+     * - Lax
+     * - Strict
+     * - ''
+     *
+     * Alternatively, you can use the constant names:
+     * - `Cookie::SAMESITE_NONE`
+     * - `Cookie::SAMESITE_LAX`
+     * - `Cookie::SAMESITE_STRICT`
+     *
+     * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
+     * (empty string) means default SameSite attribute set by browsers (`Lax`)
+     * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
+     *
+     * @deprecated use Config\Cookie::$samesite property instead.
+     */
+    public string $cookieSameSite = 'Lax';
+
     /**
      * --------------------------------------------------------------------------
      * Reverse Proxy IPs
@@ -236,6 +315,91 @@ class App extends BaseConfig
      */
     public string | array $proxyIPs = '';
 
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Name
+     * --------------------------------------------------------------------------
+     *
+     * The token name.
+     *
+     * @deprecated Use `Config\Security` $tokenName property instead of using this property.
+     */
+    public string $CSRFTokenName = 'csrf_test_name';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Header Name
+     * --------------------------------------------------------------------------
+     *
+     * The header name.
+     *
+     * @deprecated Use `Config\Security` $headerName property instead of using this property.
+     */
+    public string $CSRFHeaderName = 'X-CSRF-TOKEN';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Cookie Name
+     * --------------------------------------------------------------------------
+     *
+     * The cookie name.
+     *
+     * @deprecated Use `Config\Security` $cookieName property instead of using this property.
+     */
+    public string $CSRFCookieName = 'csrf_cookie_name';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Expire
+     * --------------------------------------------------------------------------
+     *
+     * The number in seconds the token should expire.
+     *
+     * @deprecated Use `Config\Security` $expire property instead of using this property.
+     */
+    public int $CSRFExpire = 7200;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Regenerate
+     * --------------------------------------------------------------------------
+     *
+     * Regenerate token on every submission?
+     *
+     * @deprecated Use `Config\Security` $regenerate property instead of using this property.
+     */
+    public bool $CSRFRegenerate = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Redirect
+     * --------------------------------------------------------------------------
+     *
+     * Redirect to previous page with error on failure?
+     *
+     * @deprecated Use `Config\Security` $redirect property instead of using this property.
+     */
+    public bool $CSRFRedirect = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF SameSite
+     * --------------------------------------------------------------------------
+     *
+     * Setting for CSRF SameSite cookie token. Allowed values are:
+     * - None
+     * - Lax
+     * - Strict
+     * - ''
+     *
+     * Defaults to `Lax` as recommended in this link:
+     *
+     * @see https://portswigger.net/web-security/csrf/samesite-cookies
+     *
+     * @deprecated Use `Config\Security` $samesite property instead of using this property.
+     */
+    public string $CSRFSameSite = 'Lax';
+
     /**
      * --------------------------------------------------------------------------
      * Content Security Policy
-- 
GitLab