Set the sameSite cookie attribute in ClientHttpResponse implementations

[DamianFekete]

Affects: Spring Framework 5.2.9 (and below)

I would like to have direct access to the sameSite attribute when using WebTestClient (body.getResponseCookies()).

ReactorClientHttpResponse#getCookies() doesn't set the sameSite attribute on the ResponseCookie.

this.response.cookies().values().stream().flatMap(Collection::stream)
	.forEach(c ->

		result.add(c.name(), ResponseCookie.fromClientResponse(c.name(), c.value())
				.domain(c.domain())
				.path(c.path())
				.maxAge(c.maxAge())
				.secure(c.isSecure())
				.httpOnly(c.isHttpOnly())
				.build()));

this.response.cookies() returns a io.netty.handler.codec.http.cookie.Cookie (the interface), but the implementation is io.netty.handler.codec.http.cookie.DefaultCookie, which supports the sameSite attribute.

Is there any compelling reason not to test if the implementation is DefaultCookie and if it is to set the sameSite attribute on the returned ResponseCookie ?

[jhoeller]

FWIW, we don't expose the sameSite attribute in JettyClientHttpResponse and HttpComponentsClientHttpResponse either. If we address this, we'd have to revise it all three implementations there.