SameSite directive implementation in Zend\Http\Header\SetCookie throws exception on lowercase values #206
Description
Hi all,
When upgrading from zend-http 2.10 to 2.11 my REST integration with Exact stopped working. After an investigation it turned out that the newly implemented SameSite directive was the culprit. Its cookie did contain the SameSite element, but its value was in lowercase.
string(117) "Set-Cookie: ExactServer{7d1b186a-964e-4536-b49e-f36d86d47892}=Division=XXXXXX; SameSite=lax; path=/; secure; HttpOnly"
This is the exception message:
"Invalid value provided for SameSite directive: "lax"; expected one of: Strict, Lax or None"
It is however caught in Zend\Http\Header::lazyLoadHeader() and therefore never shown.
In Zend\Http\Header\SetCookie::setSameSite(), the in_array method is case-sensitive for strings and the defined values all start with capitals (Strict, Lax, None).
I have found several draft specifications all dealing with case insensitive match of the value:
https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1 and https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
In the current situation I'm forced to remain on zend-http 2.10. My question is if a pull request allowing for case insensitive comparison would get accepted.
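For illustration, here is a stand-alone PHP version of the case-insensitive check the drafts describe, which accepts "lax" and normalizes it to the canonical "Lax" rather than rejecting it as a case-sensitive in_array() does. This is added example code, not zend-http's setSameSite(); the helper names, the constant and the minimal Set-Cookie parser are assumptions for this example.

```php
<?php
declare(strict_types=1);

// Canonical spellings from the drafts; matching is done case-insensitively
// and the canonical form is returned so downstream code sees one spelling.
const SAME_SITE_VALUES = ['Strict', 'Lax', 'None'];

function normalizeSameSite(string $value): string
{
    foreach (SAME_SITE_VALUES as $canonical) {
        if (strcasecmp($canonical, $value) === 0) {
            return $canonical;
        }
    }
    // Same rejection as before, but only for values that are genuinely invalid.
    throw new InvalidArgumentException(sprintf(
        'Invalid value provided for SameSite directive: "%s"; expected one of: %s',
        $value,
        implode(', ', SAME_SITE_VALUES)
    ));
}

// Minimal Set-Cookie attribute parser (hypothetical helper): attribute names
// are also compared case-insensitively, as cookie attributes generally are.
function extractSameSite(string $setCookieValue): ?string
{
    $parts = array_map('trim', explode(';', $setCookieValue));
    array_shift($parts); // drop the leading name=value pair
    foreach ($parts as $attribute) {
        [$name, $attrValue] = array_pad(explode('=', $attribute, 2), 2, null);
        if (strcasecmp(trim($name), 'SameSite') === 0) {
            return $attrValue === null ? null : trim($attrValue);
        }
    }
    return null;
}

// Constructed sample, modelled on the header value quoted in the issue.
$cookie = 'ExactServer{7d1b186a-964e-4536-b49e-f36d86d47892}=Division=XXXXXX; SameSite=lax; path=/; secure; HttpOnly';

foreach (['lax', 'Lax', 'NONE', 'strict', 'bogus'] as $candidate) {
    try {
        echo $candidate, ' -> ', normalizeSameSite($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}

echo 'From header: ', normalizeSameSite((string) extractSameSite($cookie)), PHP_EOL;
```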