Session cookie cannot be configured without "sameSite" cookie attribute. #7

Description

In the SessionConfig structure it is necessary to select a sameSite cookie policy (Strict or Lax). However, certain use cases or workarounds require avoiding the sameSite cookie attribute altogether. For example, in iOS 12 / Mojave, OAuth flows based on a session cookie with a sameSite cookie policy cannot work due to a bug in CFNetwork (https://bugs.webkit.org/show_bug.cgi?id=188165).

It would be good if the SessionConfig structure listed cookieSameSite as an optional field. PerfectHTTP's addCookie method already allows configuring a cookie without the sameSite attribute.

Unfortunately, it is not easily possible to work around this limitation in the app by using a response filter that re-writes the session cookie with the desired flags, as the HTTPResponse's header function only exposes one of the Set-Cookie headers.
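The header rewrite that the response-filter workaround would need, as an added example that is not part of the original issue and is not Perfect's code: it only does what it should when given every Set-Cookie value on the response, which is the access the issue says the header function does not provide. The helper `stripSameSite`, the cookie name `sid` and the sample header values are assumptions made for illustration.

```swift
import Foundation

// Hypothetical helper (not a Perfect API): removes the SameSite attribute from
// one named cookie and leaves every other Set-Cookie value untouched.
func stripSameSite(from setCookieValues: [String], cookieName: String) -> [String] {
    return setCookieValues.map { (value: String) -> String in
        // Attributes are separated by ";"; the first segment is name=value.
        let parts = value.split(separator: ";").map {
            $0.trimmingCharacters(in: .whitespaces)
        }
        guard let pair = parts.first, pair.hasPrefix(cookieName + "=") else {
            return value // a different cookie: keep its policy as set
        }
        let kept = parts.filter { (attribute: String) -> Bool in
            let lower = attribute.lowercased()
            return !(lower == "samesite" || lower.hasPrefix("samesite="))
        }
        return kept.joined(separator: "; ")
    }
}

// Constructed sample: two Set-Cookie headers on the same response.
let sampleHeaders = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; SameSite=Strict"
]

for line in stripSameSite(from: sampleHeaders, cookieName: "sid") {
    print(line)
}
```

With the attribute removed the browser applies its own default to the session cookie, so CSRF protection for the session has to come from another control such as a per-session token.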
