Expose cookie extensions, consolidate cookie handling #39968 (#42119)

Author: Tratcher

src/Http/Headers/src/CacheControlHeaderValue.cs

@@ -502,7 +502,7 @@ public static CacheControlHeaderValue Parse(StringSegment input)
     /// </summary>
     /// <param name="input">The value to parse.</param>
     /// <param name="parsedValue">The parsed value.</param>
-    /// <returns><see langword="true"/> if input is a valid <see cref="SetCookieHeaderValue"/>, otherwise <see langword="false"/>.</returns>
+    /// <returns><see langword="true"/> if input is a valid <see cref="CacheControlHeaderValue"/>, otherwise <see langword="false"/>.</returns>
     public static bool TryParse(StringSegment input, [NotNullWhen(true)] out CacheControlHeaderValue? parsedValue)
     {
         var index = 0;

src/Http/Headers/src/SetCookieHeaderValue.cs

@@ -41,6 +41,7 @@ private static readonly HttpHeaderParser<SetCookieHeaderValue> MultipleValuePars
 
     private StringSegment _name;
     private StringSegment _value;
+    private List<StringSegment>? _extensions;
 
     private SetCookieHeaderValue()
     {
@@ -177,7 +178,10 @@ public StringSegment Value
     /// <summary>
     /// Gets a collection of additional values to append to the cookie.
     /// </summary>
-    public IList<StringSegment> Extensions { get; } = new List<StringSegment>();
+    public IList<StringSegment> Extensions
+    {
+        get => _extensions ??= new List<StringSegment>();
+    }
 
     // name="value"; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite={strict|lax|none}; httponly
     /// <inheritdoc />
@@ -236,9 +240,12 @@ public override string ToString()
             length += SeparatorToken.Length + HttpOnlyToken.Length;
         }
 
-        foreach (var extension in Extensions)
+        if (_extensions?.Count > 0)
         {
-            length += SeparatorToken.Length + extension.Length;
+            foreach (var extension in _extensions)
+            {
+                length += SeparatorToken.Length + extension.Length;
+            }
         }
 
         return string.Create(length, (this, maxAge, sameSite), (span, tuple) =>
@@ -291,9 +298,12 @@ public override string ToString()
                 AppendSegment(ref span, HttpOnlyToken, null);
             }
 
-            foreach (var extension in Extensions)
+            if (_extensions?.Count > 0)
             {
-                AppendSegment(ref span, extension, null);
+                foreach (var extension in _extensions)
+                {
+                    AppendSegment(ref span, extension, null);
+                }
             }
         });
     }
@@ -373,9 +383,12 @@ public void AppendToStringBuilder(StringBuilder builder)
             AppendSegment(builder, HttpOnlyToken, null);
         }
 
-        foreach (var extension in Extensions)
+        if (_extensions?.Count > 0)
         {
-            AppendSegment(builder, extension, null);
+            foreach (var extension in _extensions)
+            {
+                AppendSegment(builder, extension, null);
+            }
         }
     }
 
@@ -701,7 +714,7 @@ public override bool Equals(object? obj)
             && Secure == other.Secure
             && SameSite == other.SameSite
             && HttpOnly == other.HttpOnly
-            && HeaderUtilities.AreEqualCollections(Extensions, other.Extensions, StringSegmentComparer.OrdinalIgnoreCase);
+            && HeaderUtilities.AreEqualCollections(_extensions, other._extensions, StringSegmentComparer.OrdinalIgnoreCase);
     }
 
     /// <inheritdoc />
@@ -717,9 +730,12 @@ public override int GetHashCode()
             ^ SameSite.GetHashCode()
             ^ HttpOnly.GetHashCode();
 
-        foreach (var extension in Extensions)
+        if (_extensions?.Count > 0)
         {
-            hash ^= extension.GetHashCode();
+            foreach (var extension in _extensions)
+            {
+                hash ^= extension.GetHashCode();
+            }
         }
 
         return hash;

src/Http/Http.Abstractions/src/CookieBuilder.cs

@@ -11,6 +11,7 @@ namespace Microsoft.AspNetCore.Http;
 public class CookieBuilder
 {
     private string? _name;
+    private List<string>? _extensions;
 
     /// <summary>
     /// The name of the cookie.
@@ -77,6 +78,14 @@ public virtual string? Name
     /// </summary>
     public virtual bool IsEssential { get; set; }
 
+    /// <summary>
+    /// Gets a collection of additional values to append to the cookie.
+    /// </summary>
+    public IList<string> Extensions
+    {
+        get => _extensions ??= new List<string>();
+    }
+
     /// <summary>
     /// Creates the cookie options from the given <paramref name="context"/>.
     /// </summary>
@@ -97,7 +106,7 @@ public virtual CookieOptions Build(HttpContext context, DateTimeOffset expiresFr
             throw new ArgumentNullException(nameof(context));
         }
 
-        return new CookieOptions
+        var options = new CookieOptions
         {
             Path = Path ?? "/",
             SameSite = SameSite,
@@ -108,5 +117,14 @@ public virtual CookieOptions Build(HttpContext context, DateTimeOffset expiresFr
             Secure = SecurePolicy == CookieSecurePolicy.Always || (SecurePolicy == CookieSecurePolicy.SameAsRequest && context.Request.IsHttps),
             Expires = Expiration.HasValue ? expiresFrom.Add(Expiration.GetValueOrDefault()) : default(DateTimeOffset?)
         };
+
+        if (_extensions?.Count > 0)
+        {
+            foreach (var extension in _extensions)
+            {
+                options.Extensions.Add(extension);
+            }
+        }
+        return options;
     }
 }

src/Http/Http.Abstractions/src/PublicAPI.Unshipped.txt

@@ -5,6 +5,7 @@ Microsoft.AspNetCore.Builder.EndpointBuilder.ApplicationServices.get -> System.I
 Microsoft.AspNetCore.Builder.EndpointBuilder.ApplicationServices.set -> void
 Microsoft.AspNetCore.Http.AsParametersAttribute
 Microsoft.AspNetCore.Http.AsParametersAttribute.AsParametersAttribute() -> void
+Microsoft.AspNetCore.Http.CookieBuilder.Extensions.get -> System.Collections.Generic.IList<string!>!
 Microsoft.AspNetCore.Http.DefaultRouteHandlerInvocationContext
 Microsoft.AspNetCore.Http.DefaultRouteHandlerInvocationContext.DefaultRouteHandlerInvocationContext(Microsoft.AspNetCore.Http.HttpContext! httpContext, params object![]! arguments) -> void
 Microsoft.AspNetCore.Http.EndpointMetadataCollection.Enumerator.Current.get -> object!

src/Http/Http.Abstractions/test/CookieBuilderTests.cs

@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 namespace Microsoft.AspNetCore.Http.Abstractions.Tests;
@@ -50,4 +50,26 @@ public void CookieBuilderPreservesDefaultPath()
     {
         Assert.Equal(new CookieOptions().Path, new CookieBuilder().Build(new DefaultHttpContext()).Path);
     }
+
+    [Fact]
+    public void CookieBuilder_Extensions_Added()
+    {
+        var builder = new CookieBuilder();
+        builder.Extensions.Add("simple");
+        builder.Extensions.Add("key=value");
+
+        var options = builder.Build(new DefaultHttpContext());
+        Assert.Equal(2, options.Extensions.Count);
+        Assert.Contains("simple", options.Extensions);
+        Assert.Contains("key=value", options.Extensions);
+
+        var cookie = options.CreateCookieHeader("name", "value");
+        Assert.Equal("name", cookie.Name);
+        Assert.Equal("value", cookie.Value);
+        Assert.Equal(2, cookie.Extensions.Count);
+        Assert.Contains("simple", cookie.Extensions);
+        Assert.Contains("key=value", cookie.Extensions);
+
+        Assert.Equal("name=value; path=/; simple; key=value", cookie.ToString());
+    }
 }

src/Http/Http.Features/src/CookieOptions.cs

@@ -1,13 +1,17 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using Microsoft.Net.Http.Headers;
+
 namespace Microsoft.AspNetCore.Http;
 
 /// <summary>
 /// Options used to create a new cookie.
 /// </summary>
 public class CookieOptions
 {
+    private List<string>? _extensions;
+
     /// <summary>
     /// Creates a default cookie with a path of '/'.
     /// </summary>
@@ -16,6 +20,28 @@ public CookieOptions()
         Path = "/";
     }
 
+    /// <summary>
+    /// Creates a copy of the given <see cref="CookieOptions"/>.
+    /// </summary>
+    public CookieOptions(CookieOptions options)
+    {
+        ArgumentNullException.ThrowIfNull(options);
+
+        Domain = options.Domain;
+        Path = options.Path;
+        Expires = options.Expires;
+        Secure = options.Secure;
+        SameSite = options.SameSite;
+        HttpOnly = options.HttpOnly;
+        MaxAge = options.MaxAge;
+        IsEssential = options.IsEssential;
+
+        if (options._extensions?.Count > 0)
+        {
+            _extensions = new List<string>(options._extensions);
+        }
+    }
+
     /// <summary>
     /// Gets or sets the domain to associate the cookie with.
     /// </summary>
@@ -63,4 +89,39 @@ public CookieOptions()
     /// consent policy checks may be bypassed. The default value is false.
     /// </summary>
     public bool IsEssential { get; set; }
+
+    /// <summary>
+    /// Gets a collection of additional values to append to the cookie.
+    /// </summary>
+    public IList<string> Extensions
+    {
+        get => _extensions ??= new List<string>();
+    }
+
+    /// <summary>
+    /// Creates a <see cref="SetCookieHeaderValue"/> using the current options.
+    /// </summary>
+    public SetCookieHeaderValue CreateCookieHeader(string name, string value)
+    {
+        var cookie = new SetCookieHeaderValue(name, value)
+        {
+            Domain = Domain,
+            Path = Path,
+            Expires = Expires,
+            Secure = Secure,
+            HttpOnly = HttpOnly,
+            MaxAge = MaxAge,
+            SameSite = (Net.Http.Headers.SameSiteMode)SameSite,
+        };
+
+        if (_extensions?.Count > 0)
+        {
+            foreach (var extension in _extensions)
+            {
+                cookie.Extensions.Add(extension);
+            }
+        }
+
+        return cookie;
+    }
 }

src/Http/Http.Features/src/PublicAPI.Unshipped.txt

@@ -1,4 +1,7 @@
 #nullable enable
+Microsoft.AspNetCore.Http.CookieOptions.CookieOptions(Microsoft.AspNetCore.Http.CookieOptions! options) -> void
+Microsoft.AspNetCore.Http.CookieOptions.CreateCookieHeader(string! name, string! value) -> Microsoft.Net.Http.Headers.SetCookieHeaderValue!
+Microsoft.AspNetCore.Http.CookieOptions.Extensions.get -> System.Collections.Generic.IList<string!>!
 Microsoft.AspNetCore.Http.Features.IHttpExtendedConnectFeature
 Microsoft.AspNetCore.Http.Features.IHttpExtendedConnectFeature.AcceptAsync() -> System.Threading.Tasks.ValueTask<System.IO.Stream!>
 Microsoft.AspNetCore.Http.Features.IHttpExtendedConnectFeature.IsExtendedConnect.get -> bool

src/Http/Http/src/Internal/ResponseCookies.cs

@@ -68,22 +68,11 @@ public void Append(string key, string value, CookieOptions options)
             }
         }
 
-        var setCookieHeaderValue = new SetCookieHeaderValue(
+        var cookie = options.CreateCookieHeader(
             _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,
-            Uri.EscapeDataString(value))
-        {
-            Domain = options.Domain,
-            Path = options.Path,
-            Expires = options.Expires,
-            MaxAge = options.MaxAge,
-            Secure = options.Secure,
-            SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
-            HttpOnly = options.HttpOnly
-        };
-
-        var cookieValue = setCookieHeaderValue.ToString();
+            Uri.EscapeDataString(value)).ToString();
 
-        Headers.SetCookie = StringValues.Concat(Headers.SetCookie, cookieValue);
+        Headers.SetCookie = StringValues.Concat(Headers.SetCookie, cookie);
     }
 
     /// <inheritdoc />
@@ -112,25 +101,14 @@ public void Append(ReadOnlySpan<KeyValuePair<string, string>> keyValuePairs, Coo
             }
         }
 
-        var setCookieHeaderValue = new SetCookieHeaderValue(string.Empty)
-        {
-            Domain = options.Domain,
-            Path = options.Path,
-            Expires = options.Expires,
-            MaxAge = options.MaxAge,
-            Secure = options.Secure,
-            SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
-            HttpOnly = options.HttpOnly
-        };
-
-        var cookierHeaderValue = setCookieHeaderValue.ToString()[1..];
+        var cookieSuffix = options.CreateCookieHeader(string.Empty, string.Empty).ToString()[1..];
         var cookies = new string[keyValuePairs.Length];
         var position = 0;
 
         foreach (var keyValuePair in keyValuePairs)
         {
             var key = _enableCookieNameEncoding ? Uri.EscapeDataString(keyValuePair.Key) : keyValuePair.Key;
-            cookies[position] = string.Concat(key, "=", Uri.EscapeDataString(keyValuePair.Value), cookierHeaderValue);
+            cookies[position] = string.Concat(key, "=", Uri.EscapeDataString(keyValuePair.Value), cookieSuffix);
             position++;
         }
 
@@ -200,14 +178,9 @@ public void Delete(string key, CookieOptions options)
             Headers.SetCookie = new StringValues(newValues.ToArray());
         }
 
-        Append(key, string.Empty, new CookieOptions
+        Append(key, string.Empty, new CookieOptions(options)
         {
-            Path = options.Path,
-            Domain = options.Domain,
             Expires = DateTimeOffset.UnixEpoch,
-            Secure = options.Secure,
-            HttpOnly = options.HttpOnly,
-            SameSite = options.SameSite
         });
     }