Cookie Flexiblity
randysecrist opened this issue · comments
I have a use case for controlling what set-cookie
response headers can look like. In short, the use case is a mock server that can inject faults into response headers and bodies to see how a system under test will respond.
I do not (currently) see a way to:
- Set the
SameSite=Strict
attribute for a cookie. The atom in the typedef isn't there today. - Set the date format used by
Expires
attribute when used in conjunction withmax_age
.
ref: https://ninenines.eu/docs/en/cowboy/2.10/guide/cookies/
I realize cookies have a few different specifications; and am curious what your thoughts on how best to support these asks without requiring too much effort on your part.
Thanks as always!
Update:
I was able to inject the cookie I wanted by directly manipulating the request map:
req1 = req0 |> Map.merge(
%{:resp_cookies =>
%{
"rando_cookie" => [
"rando_cookie",
"=",
"c9d72ff8-696b-4931-9188-b1def6f8c000",
["; Path=", "/", "; Domain=", ".rando.domain", "; Secure", "; Expires=",
"Wed, 06 Mar 2024 04:44:54 GMT", "; Max-Age=", ~c"31536", "; HttpOnly; SameSite=Strict"]
]
}
}
)
Directly manipulating is the way to go for such purposes.
Note that cookies do accept strict
(https://ninenines.eu/docs/en/cowlib/2.12/manual/cow_cookie/). A PR updating the guide is welcome.
The Expires
attribute in Cowboy can be read but not written. This is on purpose. Cowboy will currently calculate the Expires
value based on the max_age
you provide and set it; but at a later time the Expires
value will be removed as it is on the way out. https://github.com/ninenines/cowlib/blob/master/src/cow_cookie.erl#L363-L369
I can prob send you a PR for the doc update. Thanks for the quick response!