w3c / webdriver-bidi

Bidirectional WebDriver protocol for browser automation
https://w3c.github.io/webdriver-bidi/

Should modified cookies always override header cookies in update response #717

Open juliandescottes opened 1 month ago

juliandescottes commented 1 month ago

In https://w3c.github.io/webdriver-bidi/#update-the-response we have the following logic to update cookies in a response:

1. If |command parameters| [=map/contains=] "<code>cookies</code>":

  1. If |command parameters| [=map/contains=] "<code>headers</code>", let
     |headers| be |response|'s [=response/header list=].

     Otherwise:

     1. Let |headers| be an empty [=/header list=].

     1. For each |header| in |response|'s [=response/headers list=]:

       1. Let |name| be |header|'s name.

       1. If [=byte-lowercase=] |name| is not `<code>set-cookie</code>`:

         1. Append |header| to |headers|

So basically if custom "headers" have been provided, we just keep the full list of headers. But if they have not, then we create a new headers list, based on the response's headers list but without the "Set-Cookie" headers.

In other words, if you have Set-Cookie headers in the "headers" parameter, the cookies from the "cookies" parameter will be "merged" with them. But if you had Set-Cookie headers in the original response, and didn't provide a "headers" parameter, the cookies from the "cookies" parameter will override them.

I'm wondering if that's really the behavior we want, and if we should rather make it consistent and always override. Looking at Puppeteer tests at least, the modified headers seem to often be built from original headers, e.g.:

        const headers = Object.assign({}, request.headers(), {
          foo: 'bar',
        });

So I can imagine users passing headers with "Set-Cookie" headers unintentionally.
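The difference described in this issue, as an added example that is not part of the original comment or of the spec: it models the quoted steps next to the "always override" alternative. The function names, the `name=value` cookie serialization, and the assumption that a provided "headers" parameter has already replaced the response's header list are all illustrative.

```javascript
// Added illustration, not spec or project code. Headers are [name, value] pairs.
// Assumptions: when params.headers is given it has already replaced the
// response's header list, and each cookie is serialized as "name=value".

const isSetCookie = ([name]) => name.toLowerCase() === 'set-cookie';
const serialize = (c) => ['Set-Cookie', `${c.name}=${c.value}`];

// Behavior as quoted: Set-Cookie headers are stripped only when no
// "headers" parameter was provided.
function updateHeadersCurrent(responseHeaders, params) {
  const base = params.headers ?? responseHeaders;
  if (!('cookies' in params)) return [...base];
  const headers = 'headers' in params
    ? [...base]
    : base.filter((h) => !isSetCookie(h));
  return [...headers, ...params.cookies.map(serialize)];
}

// Alternative raised in the issue: always drop existing Set-Cookie headers
// when "cookies" is provided, whether or not "headers" was provided.
function updateHeadersAlwaysOverride(responseHeaders, params) {
  const base = params.headers ?? responseHeaders;
  if (!('cookies' in params)) return [...base];
  return [
    ...base.filter((h) => !isSetCookie(h)),
    ...params.cookies.map(serialize),
  ];
}

// Helper: the Set-Cookie values a client would end up receiving.
const setCookies = (headers) => headers.filter(isSetCookie).map(([, v]) => v);

// Constructed sample data.
const original = [
  ['Content-Type', 'text/html'],
  ['Set-Cookie', 'session=from-server'],
];
const cookies = [{ name: 'session', value: 'from-test' }];
// Headers copied from the original list plus one extra header, mirroring the
// Object.assign pattern above.
const copied = [...original, ['foo', 'bar']];

console.log(setCookies(updateHeadersCurrent(original, { cookies })));
console.log(setCookies(updateHeadersCurrent(original, { cookies, headers: copied })));
console.log(setCookies(updateHeadersAlwaysOverride(original, { cookies, headers: copied })));
```

With the copied headers, the quoted logic leaves two `session` cookies in the response, while the override variant leaves only the one from the "cookies" parameter.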