This repository was archived by the owner on Nov 20, 2018. It is now read-only.
This repository was archived by the owner on Nov 20, 2018. It is now read-only.
Response cookies Append inconsistently applies SameSite default #982
Description
The two Append overloads have inconsistent behavior for the samesite property that was added in 2.0.
context.Response.Cookies.Append("Name1", "Value1");
context.Response.Cookies.Append("Name2", "Value2", new CookieOptions());
Set-Cookie:Name1=Value1; path=/
Set-Cookie:Name2=Value2; path=/; samesite=lax
The two overloads should have the same defaults.
I noticed because we're making changes to CookiePolicy for http://github.com/aspnet/Security/issues/1561 and adding it to the templates. This will have the side-effect of causing the Append API to consistently use the second overload's behavior.