Open Baachi opened 1 year ago
The PHP native webserver handles this value correctly:
<?php
// First request: set the cookie and redirect so the browser sends it back.
if (!isset($_COOKIE['csrf'])) {
    header('Location: index_webserver.php');
    setcookie('csrf', 'qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=');
    exit;
}
var_dump($_COOKIE['csrf']); // Prints qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=
And just as context: we don't set the cookie ourselves. We use Ory Kratos, which sends the CSRF token with a "+" sign.
If we add a cookie with a "+" as value, this value gets encoded as " ".
Should be
qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=
or at least a method to get the raw cookie.
The sign is interpreted as a space.
macOS and Linux (Alpine) with PHP 8.2. We use the native PHP Alpine image from Docker Hub and install OpenSwoole via https://github.com/mlocati/docker-php-extension-installer.
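The symptom described in this report, as an added example that is not part of the original issue or of OpenSwoole's code: form-style decoding (`urldecode`) turns the "+" in the token into a space, while `rawurldecode` leaves it intact, so a CSRF comparison only succeeds with the latter. `parseRawCookieHeader` is a hypothetical helper, the `theme` cookie is constructed sample data, and obtaining the raw Cookie header from the server is assumed to be possible and left to the caller.

```php
<?php
declare(strict_types=1);

// Constructed sample: a raw Cookie request header carrying the token from the report.
$rawHeader = 'csrf=qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=; theme=dark%20mode';

/**
 * Hypothetical helper: parse a raw Cookie header without treating "+" as a space.
 * rawurldecode() still resolves %XX escapes but leaves a literal "+" untouched.
 *
 * @return array<string, string>
 */
function parseRawCookieHeader(string $header): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || !str_contains($pair, '=')) {
            continue; // skip empty segments and bare names
        }
        // Limit 2 keeps any "=" inside the value (base64 padding).
        [$name, $value] = explode('=', $pair, 2);
        $name = trim($name);
        if ($name === '' || array_key_exists($name, $cookies)) {
            continue; // first occurrence of a name wins
        }
        $cookies[$name] = rawurldecode(trim($value));
    }
    return $cookies;
}

// The token the identity provider issued (value taken from the report).
$issued = 'qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=';

$cookies = parseRawCookieHeader($rawHeader);

// Form-style decoding reproduces the reported symptom: "+" becomes " ".
$formDecoded = urldecode($issued);

// Compare tokens in constant time, as a CSRF check should.
var_dump(hash_equals($issued, $cookies['csrf'])); // raw-decoded cookie vs issued token
var_dump(hash_equals($issued, $formDecoded));     // form-decoded value vs issued token
var_dump($cookies['theme']);                      // %20 escapes are still decoded
```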