Support for HttpOnly Cookies

[silkimen]

Hi guys, thank you for this invaluable tool! I'm using httpbin.org to implement and test features on my OSS Cordova plugin. Now, I need to write some tests for HttpOnly Cookies, which is currently not supported and unfortunately, I'm not a python developer. Please can someone implement this feature?

[javabrett]

@silkimen Probably good if you could provide a basic outline of the test-support features you are looking for in HttpOnly cookies support.

[silkimen]

Hi @javabrett! I'll need a service which is setting Cookies with the HttpOnly flag.

Maybe we can have configurable cookies? Something like this:

• returning set-cookie: myCookie=myValue; Domain=mydomain.com; Path=/; HttpOnly; Secure
• when calling https://httpbin.org/cookies/set/myCookie/myValue?domain=mydomain.com&path=%2F&httponly=true&secure=true

Just an idea! What do you think?

[davinkevin]

+1, we also could need this kind of feature! 👍

[anonghuser]

FWIW you can achieve mostly the same with /response-headers endpoint, i.e. https://httpbin.org/response-headers?set-cookie=test=best;path=/;expires=Wed, 21 Sep 2033 15:59:37 GMT;secure;samesite=none&set-cookie=test2=2

But you can not have that redirect you after setting the cookies, since even if you ask it to set location header, the status code is 200 and it will be ignored. Still, if the redirect is not critical to your tests it's a decent way to test completely custom cookie parameters.

Would still be nice if the /cookies endpoints could support all possible set-cookie parameters though, or alternatively, if /response-headers could support custom status code.