Upgrading from 4.0.4 to 4.0.5¶
Cookie SameSite support
CodeIgniter 4.0.5 introduces a setting for the cookie SameSite attribute. Prior versions did not set this attribute at all. The default setting for cookies is now Lax. This will affect how cookies are handled in cross-domain contexts and you may need to adjust this setting in your projects. Separate settings in app/Config/App.php exists for Response cookies and for CSRF cookies.
The HTTP layer is moving towards PSR-7 compliance. Towards this end
Message::getHeaders() are deprecated and should be replaced
Message::headers() respectively. Note that this pertains
to all classes that extend
Message as well:
Response and their subclasses.
Additional related deprecations from the HTTP layer:
Message::isJSON: Check the “Content-Type” header directly
Request[Interface]::isValidIP: Use the Validation class with
$upperparameter will be removed, use str_to_upper()
Request[Trait]::$ipAddress: This property will become private
Request::$proxyIPs: This property will be removed; access
Request::__construct(): The constructor will no longer take
Config\Appand has been made nullable to aid transition
Response[Interface]::getStatusCode(): The explicit
intreturn type will be removed (no action required)
This interface intends to include the necessary methods for any framework-compatible response class.
A number of methods expected by the framework were missing and have noe been added. If you use any
classes the implement
ResponseInterface directly they will need to be compatible with the
updated requirements. These methods are as follows:
setJSON($body, bool $unencoded = false);
setCookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = false, $httponly = false, $samesite = null);
hasCookie(string $name, string $value = null, string $prefix = ''): bool;
getCookie(string $name = null, string $prefix = '');
deleteCookie(string $name = '', string $domain = '', string $path = '/', string $prefix = '');
redirect(string $uri, string $method = 'auto', int $code = null);
download(string $filename = '', $data = '', bool $setMime = false);
To facilitate use of this interface these methods have been moved from the framework’s
Response into a
which you may use, and
DownloadResponse now extends
Response directly to ensure maximum compatibility.
Service discovery has been updated to allow third-party services (when enabled via Modules) to take precedence over core services. Update
app/Config/Services.php so the class extends
CodeIgniter\Config\BaseService to allow proper discovery of third-party services.
Numerous files in the project space (root, app, public, writable) received updates. Due to these files being outside of the system scope they will not be changed without your intervention. There are some third-party CodeIgniter modules available to assist with merging changes to the project space: Explore on Packagist.
Except in very rare cases for bug fixes, no changes made to files for the project space will break your application. All changes noted here are optional until the next major version, and any mandatory changes will be covered in the sections above.
The following files received significant changes (including deprecations or visual adjustments) and it is recommended that you merge the updated versions with your application:
This is a list of all files in the project space that received changes; many will be simple comments or formatting that have no affect on the runtime: