Reject responses that have explicit set-cookie

[essen]

This causes confusion otherwise. See #1483 (comment)

We want users to call set_resp_cookie or to manually set the raw resp_cookies value in the Req. A function to do that may be welcome. This is mainly useful for proxies though so not sure how much we should do.

[geeksilva97]

I am looking for issues in Erlang to practice more. Would you say I could pick this one?

[essen]

Hello @geeksilva97 sorry I had not received an email following your comment, guess it got lost. Yes it would be a good choice. Basically the functions set_resp_header, set_resp_headers, inform, reply, stream_reply and stream_trailers should fail if the headers given in argument contain set-cookie.

[geeksilva97]

Thank you, @essen . Will give it try, starting tomorrow.

[geeksilva97]

Just a confirmation, @essen . Should I throw an error? If so, are you expecting anything special?

I was naively thinking of something like

set_resp_header(<<"set-cookie">>, _, _) ->
    throw({invalid_header_name, <<"set-cookie">>});

[essen]

Please use something of the form:

exit({response_error, invalid_header,
    'The set-cookie header is special and must be set using cowboy_req:set_resp_cookie/3,4.'})

See a40bab8 for a more extensive example.

[geeksilva97]

Please use something of the form:

exit({response_error, invalid_header,
    'The set-cookie header is special and must be set using cowboy_req:set_resp_cookie/3,4.'})

See a40bab8 for a more extensive example.

Thank you. Will do.

[essen]

Done. Closing, thank you!