I'm unable to set the "secure" property of HTTPCookieProperty (for initializing HTTPCookie) to false.
tried:
.secure: "FALSE"
.secure: "false"
.secure: false
but all of above resulted in "cookie.isSecure" being true.
The only thing that worked was not providing the field at all (which made the property default to false).
Seems like a niche bug?
That’s kinda how HTTP cookies work. Consider the secure-av product in RFC 6265. There isn’t any syntax for setting the attribute to false. You do that by simply not including the attribute.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I disagree with your assessment that this is kind of how HTTP cookies work. The RFC you link is for how a server needs to interpret a cookie sent to it not how a client should implement creation of one.
I think others would likely agree that this is a wart and that setting secure to false would result in the correct behavior of not setting the secure attribute on the cookie. It also make coding something simple like .secure: environment().isSecure() into another if statement that every person coming after will question why it's done this way and then eventually figure it out.
The only reason I agree that this likely needs to stay the same is it's a pretty big breaking change at this point and many apps are likely working by accident as setting .secure to anything other than true makes no sense.
Anyway... wasted more hours than I would like to admit on this as I was also adding a new networking library as well as adding cookies to the app so I spent a lot of time debugging the new library when it was just this attribute messing things up.