Open JornWildt opened 5 years ago
Hi Jorn,
The implementation choices depended mostly on normalisation of headers coming in and out, and unfortunately Set-Cookie one the only of the cases where this has been an issue, as hosts don't necessarily implement the split correctly to give browsers the non-http compliant they expect for cookies.
The master branch should already have the fix for this .Add exception.
I'll keep this open as we've reworked this, and we should add tests specifically for the cookie handling at the hosting layer.
Note that the owin hosting now leaves existing headers alone (so you can interact better with existing middleware)
In case you need to set two cookies in the same response, the server fails:
The header collection should not be a simple <string,string> dictionary.