{"id":19773496,"url":"https://github.com/dmitryfillo/aspnet.webapi.cookiespassthrough","last_synced_at":"2025-07-21T09:32:07.973Z","repository":{"id":68114941,"uuid":"151596506","full_name":"DmitryFillo/AspNet.WebApi.CookiesPassthrough","owner":"DmitryFillo","description":"Allows you to add cookies for IHttpActionResult in WebAPI controllers","archived":false,"fork":false,"pushed_at":"2018-10-17T16:43:28.000Z","size":81,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-30T18:37:47.071Z","etag":null,"topics":["aspnet","aspnet-web-api","cookies","httpcontext","response","webapi","webapi-2"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DmitryFillo.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-10-04T15:44:50.000Z","updated_at":"2021-06-12T12:30:10.000Z","dependencies_parsed_at":"2023-05-31T05:00:29.032Z","dependency_job_id":null,"html_url":"https://github.com/DmitryFillo/AspNet.WebApi.CookiesPassthrough","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/DmitryFillo/AspNet.WebApi.CookiesPassthrough","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DmitryFillo%2FAspNet.WebApi.CookiesPassthrough","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DmitryFillo%2FAspNet.WebApi.CookiesPassthrough/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DmitryFillo%2FAspNet.WebApi.CookiesPassthrough/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DmitryFillo%2FAspNet.WebApi.CookiesPassthrough/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DmitryFillo","download_url":"https://codeload.github.com/DmitryFillo/AspNet.WebApi.CookiesPassthrough/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DmitryFillo%2FAspNet.WebApi.CookiesPassthrough/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266275964,"owners_count":23903959,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnet","aspnet-web-api","cookies","httpcontext","response","webapi","webapi-2"],"created_at":"2024-11-12T05:09:53.666Z","updated_at":"2025-07-21T09:32:07.967Z","avatar_url":"https://github.com/DmitryFillo.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"==================================\nASP.NET Web API CookiesPassthrough\n==================================\n\n.. image:: https://travis-ci.com/DmitryFillo/AspNet.WebApi.CookiesPassthrough.svg?branch=master\n     :target: https://travis-ci.com/DmitryFillo/AspNet.WebApi.CookiesPassthrough\n\nAllows you to add cookies for IHttpActionResult in WebAPI controllers.\n\n.. contents::\n\nMotivation\n==========\n\nThere are several ways to add cookies to the response in WebAPI. The recommended way, according to the `docs \u003chttps://docs.microsoft.com/en-us/aspnet/web-api/overview/advanced/http-cookies#cookies-in-web-api\u003e`_, is to use ``resp.Headers.AddCookies(cookies)`` extension method, but there are some disadvantages:\n\n- Cookie values are always encoded. It's `complicated topic \u003chttps://stackoverflow.com/questions/1969232/allowed-characters-in-cookies\u003e`_, so encode / decode should be configurable, e.g. Chrome works well with spaces in cookie values or sometimes you need ``=`` char in a cookie value.\n- ``CookieHeaderValue`` `supports name-value pairs \u003chttps://docs.microsoft.com/en-us/aspnet/web-api/overview/advanced/http-cookies#structured-cookie-data\u003e`_ and such collections will be presented as ``cookie-name=key1=value1\u0026key2=value2``, but collection will be encoded if you'll try to set it via just passing string. Passing cookie collection strings directly is useful for cases when you passing cookie values through services, e.g. integration with legacy cookie-based APIs.\n\nAnother way is to set cookies on `HttpResponse.Cookies \u003chttps://docs.microsoft.com/en-us/dotnet/api/system.web.httpresponse.cookies?view=netframework-4.7.2#System_Web_HttpResponse_Cookies\u003e`_ via ``HttpContext`` (check `example \u003chttps://stackoverflow.com/questions/9793591/how-do-i-set-a-response-cookie-on-httpreponsemessage/9793779#9793779\u003e`_), but there are even more serious disadvantages:\n\n- Using ``HttpContext`` in WebAPI is bad practice, because you cannot get them in self host.\n- Potential problems with ``new Thread()``.\n- Harder to mock.\n- `Complicated behaviour \u003chttps://stackoverflow.com/questions/8491075/why-does-httpcontext-response-cookiesfoo-add-a-cookie\u003e`_.\n\nBetter to have simple API for ``IHttpActionResult`` w/o described disadvantages. Also good to have `localhost support \u003chttps://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain\u003e`_ or \"enable these cookies for all subdomains\" feature out-the-box.\n\nHow to use\n==========\n\nYou can install `AspNet.WebApi.CookiesPassthrough \u003chttps://www.nuget.org/packages/AspNet.WebApi.CookiesPassthrough\u003e`_ package via nuget.\n\n.. code:: c#\n\n  var cookieDescriptors = new[] \n  {\n       // simple cookie with Path=/\n       new CookieDescriptor(\"test-cookie\", \"1\"),\n       \n       // encode\n       new CookieDescriptor(\"test-cookie2\", \"2=\") {\n           CodeStatus = CookieCodeStatus.Encode\n       },\n        \n       // expires, secure, httponly + decode\n       new CookieDescriptor(\"test-cookie3\", \"a%3D3\") {\n           Secure = true,\n           CodeStatus = CookieCodeStatus.Decode,\n           HttpOnly = true,\n           Expires = new DateTime(2118, 1, 1)\n       },\n        \n       // path will be added and no decode or encode\n       new CookieDescriptor(\"test-cookie4\", \"4%3D=\") {\n           Path = \"/subfolder/\"\n       },\n   };\n\n   // also you can use Request.GetReferrerHost() to get referrer's host which is useful when you're developing AJAX API\n   return Ok().AddCookies(cookieDescriptors, Request.GetRequestHost());\n\nYou can enable cookies for all subdomains:\n\n.. code:: c#\n   \n   // domain will be \".example.org\"\n   return Ok().AddCookies(cookieDescriptors, \"example.org\").EnableCookiesForAllSubdomains();\n   \n   // same, domain will be \".example.org\"\n   return Ok().AddCookiesForAllSubdomains(cookieDescriptors, \"www.example.org\");\n   \n   // or even this\n   return Ok()\n       .AddCookiesForAllSubdomains(cookieDescriptorsForAllSubdomains, \"example.org\")\n       .AddCookies(cookieDescriptorsForOneDomain, \"example.com\")\n       .AddCookies(cookieDescriptorsForAnotherDomainAndAllSubdomains, \"www.example.net\")\n       .EnableCookiesForAllSubdomains();\n\nIf domain is localhost\n======================\n\n`Browsers has problems with localhost cookies \u003chttps://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain\u003e`_. If you'll specify domain as ``localhost`` or even ``.localhost`` it will not be added to the response at all to make cookies with localhost work for almost all browsers.\n\nEnable cookies for all subdomains\n=================================\n\nWhen you call ``.EnableCookiesForAllSubdomains()`` or use ``.AddCookiesForAllSubdomains(...)`` the following domain convertion will be applied:\n\n.. code:: c#\n\n  \"localhost\"        =\u003e \"\"\n  \".localhost\"       =\u003e \"\"\n  \"www.localhost\"    =\u003e \".www.localhost\"\n  \"www.localhost.ru\" =\u003e \".localhost.ru\"\n  \"www.org\"          =\u003e \".www.org\"\n  \".www.org\"         =\u003e \".www.org\"\n  \"example.org\"      =\u003e \".example.org\"\n  \"www.example.org\"  =\u003e \".example.org\"\n  \".www.example.org\" =\u003e \".www.example.org\"\n\nPlay with examples\n==================\n\nCheck ``AspNet.WebApi.CookiesPassthrough.Example`` project.\n\nSpecial thanks to\n=================\n\n- Thanks to `rustboyar \u003chttps://github.com/rustboyar\u003e`_ and `niksanla2 \u003chttps://github.com/niksanla2\u003e`_. These guys faced some issues with cookies (related with encoding) in WebAPI when trying to send them back from legacy API and developed PoC. I decided to research the topic a bit and create this package to make common \"cookiejob\" simple.\n- Thanks to `KatArt \u003chttps://www.behance.net/kberniacdd72\u003e`_ for nuget package cute icon (love this telegram stickers impression).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmitryfillo%2Faspnet.webapi.cookiespassthrough","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmitryfillo%2Faspnet.webapi.cookiespassthrough","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmitryfillo%2Faspnet.webapi.cookiespassthrough/lists"}