search

api-platform / core

The server component of API Platform: hypermedia and GraphQL APIs in minutes
https://api-platform.com
MIT License
2.45k stars 874 forks source link

[OpenApi] How to have multiple `Set-Cookie` header as PHP does not allow multiple same array key ? #6650

Open Crovitche-1623 opened 1 month ago

Crovitche-1623 commented 1 month ago

In RFC 6265, it's written that :

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.

I guess the only way of setting multiple cookie is separating them using a comma yet ?

How to reproduce 

use ApiPlatform\OpenApi\Model\Operation;

$fooBarOperation = new Operation(
    // ...
    responses: [
        Response::HTTP_FOUND => [
             // ...
            'headers' => [
                'Set-Cookie' => [
                   // ...
                ],
                // Here I cannot declare another `Set-Cookie` array key
            ]
        ]
    ]
);
Crovitche-1623 commented 1 month ago

Related: https://github.com/OAI/OpenAPI-Specification/issues/1237

Crovitche-1623 commented 1 month ago

BTW, I wanted to decorate the login route to add multiple Set-Cookie header because I use the "Split JWT" mechanism provided by LexikJWTAuthenticationBundle.