Implement cookie handling with SameSite support and validation.#53
Merged
gustavofreze merged 1 commit intomainfrom Apr 17, 2026
Merged
Implement cookie handling with SameSite support and validation.#53gustavofreze merged 1 commit intomainfrom
gustavofreze merged 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds first-class Set-Cookie support to the TinyBlocks HTTP response model, including SameSite handling and cookie name/value validation, while improving response header composition to support multi-value headers like Set-Cookie.
Changes:
- Introduces
CookieandSameSitepublic APIs and internal validation/value objects for RFC-oriented cookie name/value constraints. - Updates internal response header aggregation to preserve multiple header values (enabling multiple
Set-Cookieheaders) and adds tests around case-insensitive header operations. - Documents cookie usage patterns in the README and adds dedicated PHPUnit coverage for cookie serialization and invariants.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/SameSiteTest.php | Verifies SameSite enum backed values match Set-Cookie casing. |
| tests/ResponseWithCookiesTest.php | Ensures responses preserve one or multiple Set-Cookie values and coexist with other headers. |
| tests/HeadersTest.php | Adds coverage for withAddedHeader(), case-insensitive header operations, and header merging behavior. |
| tests/CookieTest.php | Covers cookie serialization order, immutability, expires formatting, and invariant exceptions. |
| src/SameSite.php | Adds SameSite backed enum for cookie attribute rendering. |
| src/Cookie.php | Implements an immutable Cookie header value object with fluent builders and serialization. |
| src/Internal/Cookies/CookieName.php | Adds cookie name validation and string conversion. |
| src/Internal/Cookies/CookieValue.php | Adds cookie value validation and string conversion. |
| src/Internal/Exceptions/*.php | Introduces specific exceptions for invalid cookies and invariant violations. |
| src/Internal/Response/ResponseHeaders.php | Changes header merging and adds case-insensitive header lookup/add/replace/remove helpers. |
| src/Internal/Response/InternalResponse.php | Fixes header mutation methods to operate on existing headers instead of replacing them. |
| README.md | Documents cookie creation, multiple cookies, expiration, expires usage, and SameSite rules. |
| .github/copilot-instructions.md | Adds repository-specific Copilot task guidance. |
| .claude/CLAUDE.md | Adds project workflow/testing command guidance. |
| .claude/rules/*.md | Adds Claude rule files for testing, domain modeling, code style, docs, and workflows. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.