Skip to content

Response cookies Append inconsistently applies SameSite default #2675

New issue
New issue
Closed
Closed
Response cookies Append inconsistently applies SameSite default#2675
Assignees
Tratcher
Labels
DoneThis issue has been fixedarea-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsbreaking-changeThis issue / pr will introduce a breaking change, when resolved / merged.bugThis issue describes a behavior which is not expected - a bug.feature-http-abstractions
Milestone
3.0.0-preview4
@aspnet-hello

Description

@aspnet-hello
aspnet-hello
opened on Jan 2, 2018

From @Tratcher on Wednesday, December 27, 2017 9:11:02 AM

The two Append overloads have inconsistent behavior for the samesite property that was added in 2.0.

                context.Response.Cookies.Append("Name1", "Value1");
                context.Response.Cookies.Append("Name2", "Value2", new CookieOptions());

Set-Cookie:Name1=Value1; path=/
Set-Cookie:Name2=Value2; path=/; samesite=lax

The two overloads should have the same defaults.

I noticed because we're making changes to CookiePolicy for http://github.com/aspnet/Security/issues/1561 and adding it to the templates. This will have the side-effect of causing the Append API to consistently use the second overload's behavior.

Copied from original issue: aspnet/HttpAbstractions#982

Metadata

Metadata

Assignees

Labels

DoneThis issue has been fixedarea-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsbreaking-changeThis issue / pr will introduce a breaking change, when resolved / merged.bugThis issue describes a behavior which is not expected - a bug.feature-http-abstractions

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions