Akka-http: Support Cookie SameSite attribute and maybe allow specifying custom cookie attributes

Created on 15 Aug 2017  路  4Comments  路  Source: akka/akka-http

It's currently impossible to model a Set-Cookie header with attributes unknown to akka-http like this:

Set-Cookie: key=value; HttpOnly; SameSite=strict

We should allow specifying custom attributes and/or add popular ones missing from the current model.

The current workaround is to use a RawHeader in such a case.

Prompted by https://groups.google.com/d/topic/akka-user/XbAoF_EQAHI/discussion.

3 - in progress model core

Most helpful comment

As Chrome 80 is inevitably coming, https://www.chromestatus.com/feature/5088147346030592, any plans for this to be updated?

All 4 comments

As Chrome 80 is inevitably coming, https://www.chromestatus.com/feature/5088147346030592, any plans for this to be updated?

It's my understanding that the only workaround for this today is to use RawHeader in place of Set-Cookie.

Should I go ahead with this change in my codebase, or will this ticket be prioritized before Chrome begins rejecting cookies without the SameSite attribute? Note that this also impacts Safari running on macOS 10.14.

This is gettin real in few months. Any plan for real resolution instead of a workaround?

Thanks for the reminder, @ktulinger. I'm putting it tentatively on the roadmap for the upcoming 10.2.0.

Was this page helpful?
0 / 5 - 0 ratings