Bug: Security class sends cookies immediately, instead of coordinating with the Response class.

[lonnieezell]

PHP Version

7.4

CodeIgniter4 Version

4.1.5

CodeIgniter4 Installation Method

Git

Which operating systems have you tested for this bug?

macOS

Which server did you use?

cli-server (PHP built-in webserver)

Database

n/a

What happened?

Originally encountered during Feature testing. Code that passed previously is now giving errors that Cannot modify header information - headers already sent by. This appears to be happening while the CSRF token is being set while calling a page using the FeatureTestTrait.

Steps to Reproduce

Create a test using FeatureTestTrait. Use that to call a page that is protected with a CSRF hash. Run test.

Expected Output

Instead of sending the cookie immediately, it should add the cookie to the Response class, which then sends all cookies out at once to protect against the possibility of sending cookies early and giving the Output already started errors.

Anything else?

This appears to require letting the Response class (or ResponseTrait?) know how to handle raw cookies, also, in order to completely remove that functionality from the Security class.

Relevant trace:

ErrorException: Cannot modify header information - headers already sent by (output started at /Users/kilishan/WebSites/personal/Bonfire2/vendor/phpunit/phpunit/src/Util/Printer.php:104)

/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Cookie/CookieStore.php:248
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Cookie/CookieStore.php:172
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Security/Security.php:521
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Security/Security.php:507
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Security/Security.php:493
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Security/Security.php:467
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Security/Security.php:188
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Config/Services.php:552
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Config/BaseService.php:248
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Config/BaseService.php:189
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Config/Services.php:547
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Config/BaseService.php:248
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Common.php:243
/Users/kilishan/WebSites/personal/Bonfire2/vendor/codeigniter4/framework/system/Common.php:277

[kenjis]

I sent a PR: #5429