Support for the __Host- prefix?

[ianjennings]

I'm trying to set cookies in a react-native-webview but when I try to set a cookie with the prefix __Host-, this library returns false.

The __Host- prefix is a security feature that has some strict requirements:

__Host- prefix: Cookies with names starting with __Host- must be set with the secure flag, must be from a secure page (HTTPS), must not have a domain specified (and therefore aren't sent to subdomains) and the path must be /.

You can find more here:

• https://googlechrome.github.io/samples/cookie-prefixes/
• https://datatracker.ietf.org/doc/html/draft-west-cookie-prefixes#section-3.2

In the screenshot above, you'll see I try and meet these requirements but am still unsuccessful. It's my suspicion that the following requirement is not met:

Set from a URI whose "scheme" is considered "secure" by the user agent.

I assume that the cookie manage is not considered secure? Is there any way around this?

[JMikeJ]

also encountered this issue as well, we have a cookie that uses has a __Host- prefix but it will also return a false.

Have you by chance resolved this issue or have found a workaround?

[gitstashapply]

@JMikeJ just realized that have issues with "_" cookies, did you found a way to solve it?