fix: add PHP secure cookie flag and C# token revocation example (gap report)#711
Open
tamalchowdhury wants to merge 2 commits intomainfrom
Open
fix: add PHP secure cookie flag and C# token revocation example (gap report)#711tamalchowdhury wants to merge 2 commits intomainfrom
tamalchowdhury wants to merge 2 commits intomainfrom
Conversation
…report) Made-with: Cursor
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
WalkthroughTwo backend SDK docs (.NET and PHP) were updated: metadata dates set to April 2026; .NET doc adds a "Revoke a token" example (POST /oauth2/revoke with Basic auth and form-encoded token/token_type_hint); PHP doc adds a "Disabling the Secure cookie flag (for local development)" section with sample code. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying kinde-docs-preview with
|
| Latest commit: |
eb9f107
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://f72bcb0f.kinde-docs-preview.pages.dev |
| Branch Preview URL: | https://tamal-update-sdk-local-dev-a.kinde-docs-preview.pages.dev |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx (1)
128-142: Avoid per-requestHttpClientconstruction in the example.This pattern is non-idiomatic for .NET and can lead to connection-management issues when copied into production code. Prefer a reused/injected client in docs examples.
Suggested doc-safe tweak
-var httpClient = new HttpClient(); +// Reuse a singleton/injected HttpClient (for example via IHttpClientFactory) +HttpClient httpClient = httpClientFactory.CreateClient();🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx` around lines 128 - 142, The example creates a new HttpClient per request which is non-idiomatic and can cause socket exhaustion; change the snippet to demonstrate using a reused/injected HttpClient (e.g., accept an HttpClient via constructor or obtain one from IHttpClientFactory) instead of calling new HttpClient() inside the method that builds the HttpRequestMessage and calls httpClient.SendAsync; keep the same HttpRequestMessage construction (request, Authorization header, FormUrlEncodedContent and token fields) but show it using an injected/reused HttpClient instance (referencing the HttpClient variable, the HttpRequestMessage variable named request, and the SendAsync call) so consumers copy the correct pattern for production.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/content/docs/developer-tools/sdks/backend/php-sdk.mdx`:
- Around line 190-197: The MDX block is over-indented causing the fenced PHP
code and the <Aside> to render as code; fix by un-indenting the fenced block and
aside so the code block starts with ```php followed by the two lines using
Storage::getInstance() and setCookieSecure(false) and then a closing ``` on its
own line, then add the <Aside type="warning"> block (with its content Do not
disable the `Secure` flag in production.) on separate, non-indented lines;
ensure references to Storage::getInstance and setCookieSecure remain unchanged.
---
Nitpick comments:
In `@src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx`:
- Around line 128-142: The example creates a new HttpClient per request which is
non-idiomatic and can cause socket exhaustion; change the snippet to demonstrate
using a reused/injected HttpClient (e.g., accept an HttpClient via constructor
or obtain one from IHttpClientFactory) instead of calling new HttpClient()
inside the method that builds the HttpRequestMessage and calls
httpClient.SendAsync; keep the same HttpRequestMessage construction (request,
Authorization header, FormUrlEncodedContent and token fields) but show it using
an injected/reused HttpClient instance (referencing the HttpClient variable, the
HttpRequestMessage variable named request, and the SendAsync call) so consumers
copy the correct pattern for production.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 2b1fad81-ee47-4571-85d6-b8f4fb6ae566
📒 Files selected for processing (2)
src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdxsrc/content/docs/developer-tools/sdks/backend/php-sdk.mdx
Koosha-Owji
requested changes
Apr 15, 2026
|
|
||
| ```php | ||
| $storage = Storage::getInstance(); | ||
| $storage->setCookieSecure(false); // Only use this in local/dev environments |
Contributor
There was a problem hiding this comment.
This function doesn't exist in the sdk yet.
Collaborator
Author
There was a problem hiding this comment.
Thanks. Any workarounds? or should we drop it? Do suggest.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two SDK doc fixes surfaced in the March 2026 gap report:
setCookieSecure(false)example under Cookie settings for developers running Laravel/PHP apps over HTTP locally. The Secure flag blocks cookies on HTTP, which is a common local dev blocker.## Revoke a tokensection with a correct C# example calling/oauth2/revoke. The AI bot was previously returning code for/oauth2/token(token fetch) instead, which is incorrect and misleading.Summary by CodeRabbit