I have added the SameSite enum to ResponseCookie while ensuring that the existing string-based handling is still supported.
The reason for adding the enum is to enhance type safety. Additionally, if a value that is not provided is entered, it will default to Lax as per the specification (https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#name-the-samesite-attribute).
I would appreciate it if you could review the PR!
Comment From: bclozel
Thanks for the proposal, but we're going to decline this PR.
Promoting this to an enum doesn't bring much, as SameSite can accept any value (and the actual resulting behavior depends on the browser configuration). Exposing this in our public API would require deprecating the String variant and would create some edge cases like builder.sameSite(null).
We might revisit this in the future if the SameSite spec evolves and requires more elaborate parsing or features on the server side.
Thanks for your contribution!