Needs review
Project:
CAS
Version:
3.x-dev
Component:
CAS
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
24 Mar 2026 at 12:26 UTC
Updated:
25 Mar 2026 at 11:53 UTC
Jump to comment: Most recent
Problem/Motivation
The js_cookie module is only used if gateway.enabled is true. Many installs are not using that feature. The module is not a hard dependency in cas.info.yml, for such sites js_cookie is disabled. But the CAS composer requires the drupal/js_cookie even it has no usage.
Proposed resolution
Suggest drupal/js_cookie with a good message rather than requiring it.
The CAS code has enough protection against js_cookie not being available
Remaining tasks
None.
User interface changes
None.
API changes
None.
Data model changes
None.
Issue fork cas-3581178
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #2
claudiu.cristeaComment #5
giaczug commentedHi,
I moved
drupal/js_cookiepackage from a required dependency to a suggested dependency in the CAS module'scomposer.jsonfile. This change reduces unnecessary dependencies for sites that don't use the CAS gateway authentication feature with the client-side method.The issue #3578277 proposed updating the version constraint for
drupal/js_cookiefrom^1.0to^1.0 || ^2.0, allowing compatibility with both major versions of the package. However, since the package is now entirely optional and only needed when using CAS gateway client-side authentication, that issue is probably no longer necessary.Sites can now choose which version to install based on their specific requirements.
Comment #6
claudiu.cristeaIf I'm not mistaken, we can only do this in CAS 4.0 because there is a risk to break sites using the js_cookie module