It's currently impossible to model a Set-Cookie header with attributes unknown to akka-http like this:
Set-Cookie: key=value; HttpOnly; SameSite=strict
We should allow specifying custom attributes and/or add popular ones missing from the current model.
The current workaround is to use a RawHeader in such a case.
Prompted by https://groups.google.com/d/topic/akka-user/XbAoF_EQAHI/discussion.
As Chrome 80 is inevitably coming, https://www.chromestatus.com/feature/5088147346030592, any plans for this to be updated?
It's my understanding that the only workaround for this today is to use RawHeader in place of Set-Cookie.
Should I go ahead with this change in my codebase, or will this ticket be prioritized before Chrome begins rejecting cookies without the SameSite attribute? Note that this also impacts Safari running on macOS 10.14.
This is gettin real in few months. Any plan for real resolution instead of a workaround?
Thanks for the reminder, @ktulinger. I'm putting it tentatively on the roadmap for the upcoming 10.2.0.
Most helpful comment
As Chrome 80 is inevitably coming, https://www.chromestatus.com/feature/5088147346030592, any plans for this to be updated?