Add fallback for Config\Cookie

system/Cookie/Cookie.php

@@ -13,7 +13,6 @@
 
 use ArrayAccess;
 use CodeIgniter\Cookie\Exceptions\CookieException;
-use Config\App;
 use Config\Cookie as CookieConfig;
 use DateTimeInterface;
 use InvalidArgumentException;
@@ -128,7 +127,6 @@ class Cookie implements ArrayAccess, CloneableCookieInterface
 	public static function setDefaults($config = [])
 	{
 		$oldDefaults = self::$defaults;
-
 		$newDefaults = [];
 
 		if ($config instanceof CookieConfig)
@@ -222,16 +220,15 @@ final public function __construct(string $name, string $value = '', array $optio
 			unset($options['max-age']);
 		}
 
-		// to retain BC
+		// to retain backward compatibility with previous versions' fallback
 		$prefix   = $options['prefix'] ?: self::$defaults['prefix'];
 		$path     = $options['path'] ?: self::$defaults['path'];
 		$domain   = $options['domain'] ?: self::$defaults['domain'];
 		$secure   = $options['secure'] ?: self::$defaults['secure'];
 		$httponly = $options['httponly'] ?: self::$defaults['httponly'];
 		$samesite = $options['samesite'] ?: self::$defaults['samesite'];
-		$raw      = $options['raw'] ?: self::$defaults['raw'];
 
-		$this->validateName($name, $raw);
+		$this->validateName($name, $options['raw']);
 		$this->validatePrefix($prefix, $secure, $path, $domain);
 		$this->validateSameSite($samesite, $secure);
 
@@ -244,7 +241,7 @@ final public function __construct(string $name, string $value = '', array $optio
 		$this->secure   = $secure;
 		$this->httponly = $httponly;
 		$this->samesite = ucfirst(strtolower($samesite));
-		$this->raw      = $raw;
+		$this->raw      = $options['raw'];
 	}
 
 	//=========================================================================
@@ -289,9 +286,7 @@ public function getPrefixedName(): string
 		else
 		{
 			$search  = str_split(self::$reservedCharsList);
-			$replace = array_map(static function (string $char): string {
-				return rawurlencode($char);
-			}, $search);
+			$replace = array_map('rawurlencode', $search);
 
 			$name .= str_replace($search, $replace, $this->getName());
 		}

system/HTTP/Response.php

@@ -174,7 +174,15 @@ public function __construct($config)
 		}
 
 		$this->cookieStore = new CookieStore([]);
-		Cookie::setDefaults(config('Cookie'));
+		Cookie::setDefaults(config('Cookie') ?? [
+			// @todo Remove this fallback when deprecated `App` members are removed
+			'prefix'   => $config->cookiePrefix,
+			'path'     => $config->cookiePath,
+			'domain'   => $config->cookieDomain,
+			'secure'   => $config->cookieSecure,
+			'httponly' => $config->cookieHTTPOnly,
+			'samesite' => $config->cookieSameSite ?? Cookie::SAMESITE_LAX,
+		]);
 
 		// Default to an HTML Content-Type. Devs can override if needed.
 		$this->setContentType('text/html');

system/Security/Security.php

@@ -127,9 +127,7 @@ class Security implements SecurityInterface
 	 */
 	public function __construct(App $config)
 	{
-		/**
-		 * @var SecurityConfig
-		 */
+		/** @var SecurityConfig */
 		$security = config('Security');
 
 		// Store CSRF-related configurations
@@ -138,9 +136,7 @@ public function __construct(App $config)
 		$this->regenerate = $security->regenerate ?? $config->CSRFRegenerate ?? $this->regenerate;
 		$rawCookieName    = $security->cookieName ?? $config->CSRFCookieName ?? $this->cookieName;
 
-		/**
-		 * @var CookieConfig
-		 */
+		/** @var CookieConfig */
 		$cookie = config('Cookie');
 
 		$cookiePrefix     = $cookie->prefix ?? $config->cookiePrefix;

system/Session/Session.php

@@ -187,19 +187,17 @@ public function __construct(SessionHandlerInterface $driver, App $config)
 		$this->cookieSecure   = $config->cookieSecure ?? $this->cookieSecure;
 		$this->cookieSameSite = $config->cookieSameSite ?? $this->cookieSameSite;
 
-		/**
-		 * @var CookieConfig
-		 */
-		$config = config('Cookie');
+		/** @var CookieConfig */
+		$cookie = config('Cookie');
 
 		$this->cookie = new Cookie($this->sessionCookieName, '', [
 			'expires'  => $this->sessionExpiration === 0 ? 0 : time() + $this->sessionExpiration,
-			'path'     => $config->path,
-			'domain'   => $config->domain,
-			'secure'   => $config->secure,
+			'path'     => $cookie->path ?? $config->cookiePath,
+			'domain'   => $cookie->domain ?? $config->cookieDomain,
+			'secure'   => $cookie->secure ?? $config->cookieSecure,
 			'httponly' => true, // for security
-			'samesite' => $config->samesite,
-			'raw'      => $config->raw,
+			'samesite' => $cookie->samesite ?? $config->cookieSameSite ?? Cookie::SAMESITE_LAX,
+			'raw'      => $cookie->raw ?? false,
 		]);
 
 		helper('array');

tests/system/Cookie/CookieTest.php

@@ -174,40 +174,24 @@ public function testSetCookieHeaderCreation(string $header, array $changed): voi
 	public static function setCookieHeaderProvider(): iterable
 	{
 		yield 'basic' => [
-				  'test=value',
-				  [
-					  'name'  => 'test',
-					  'value' => 'value',
-				  ],
-			  ];
+			'test=value',
+			['name' => 'test', 'value' => 'value'],
+		];
 
 		yield 'empty-value' => [
-				  'test',
-				  [
-					  'name'  => 'test',
-					  'value' => '',
-				  ],
-			  ];
+			'test',
+			['name' => 'test', 'value' => ''],
+		];
 
 		yield 'with-other-attrs' => [
-				  'test=value; Max-Age=3600; Path=/web',
-				  [
-					  'name'  => 'test',
-					  'value' => 'value',
-					  'path'  => '/web',
-				  ],
-			  ];
+			'test=value; Max-Age=3600; Path=/web',
+			['name' => 'test', 'value' => 'value', 'path' => '/web'],
+		];
 
 		yield 'with-flags' => [
-				  'test=value; Secure; HttpOnly; SameSite=Lax',
-				  [
-					  'name'     => 'test',
-					  'value'    => 'value',
-					  'secure'   => true,
-					  'httponly' => true,
-					  'samesite' => 'Lax',
-				  ],
-			  ];
+			'test=value; Secure; HttpOnly; SameSite=Lax',
+			['name' => 'test', 'value' => 'value', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'],
+		];
 	}
 
 	public function testValidNamePerRfcYieldsSameNameRegardlessOfRawParam(): void