Add SameSite attribute to Cookie

[chlily1]

🚀 Feature Proposal

SameSite attribute on Cookie object

Motivation

The Cookie.Builder object does not accommodate a SameSite field, described here in the spec.

This makes it impossible to specify the SameSite field of a cookie, which can either be None, Lax, or Strict. This field can be specified in the Set-Cookie HTTP header, so the Cookie object should also support it.

Example

Cookie cookie = new Cookie.Builder("name", "value")
    .sameSite("lax")
    .build();

[jmakr0]

Since Chrome, Firefox, Edge and consequently the others apply SameSite by default in the beginning of 2020, it would be much appreciated indeed.

[gjyalpha]

FYI. ChromeDriver has implemented the support of Cookie's SameSite attribute in https://bugs.chromium.org/p/chromedriver/issues/detail?id=3264

[adamklinkosz]

Any new on this one? Browsers will start to require this attribute to be set and we need to be able to test whether it is present.

[gjyalpha]

Ah, yes.

1. The WebDriver spec switched the JSON key from "samesite" to "sameSite". My previous PR followed the previous "samesite". Now we need to change it to "sameSite". I can try to make another PR to fix this.

2. Another minor issue is that now the samesite attribute accepts a string value. And in general, browser should treat these values as case insensitive values. But ChromeDriver uses Chrome DevTools Protocol (CDP) behind the scene, and CDP treats the value as case sensitive values. So we might need to consider add some normalization logic in Cookie.java to make user's life slightly easier.

[gjyalpha]

Fixing the JSON key in #8265

[AutomatedTester]

I believe this is all fixed in all clients so closing