You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adds a new "iOS / MAUI Cookie Handling" page under Advanced topics, explaining why Set-Cookie headers are missing on iOS/Mac Catalyst and how to fix it.
Description
New page: docs/docs/advanced/ios-maui-cookies.md
Symptom, root cause (NSURLSession intercepts Set-Cookie into NSHTTPCookieStorage before .NET sees it), and the fix via ConfigureMessageHandler
Multi-tenant safety rationale for disabling the native cookie store
Anti-pattern warning against UseCookies = true with a shared CookieContainer
Linked from docs/docs/advanced/configuration.md (CookieContainer option row)
Linked from docs/docs/usage/request.md (Cookies section)
The recipe code block matches the one provided in the issue.
This is a docs-only change — no source or test files were touched.
Purpose
This pull request is a:
Bugfix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Checklist
I have added tests that prove my fix is effective or that my feature works
I have added necessary documentation (if appropriate)
Document iOS/MAUI cookie handling workaround for missing Set-Cookie headers
📝 Documentation🕐 10-20 Minutes
AI Description
• Add a dedicated guide explaining iOS/Mac Catalyst Set-Cookie header interception.
• Cross-link cookie docs and configuration docs to the new platform-specific workaround.
• Warn against unsafe shared cookie container patterns in multi-tenant clients.
The following are alternative approaches to this PR:
1. Inline the iOS/Mac Catalyst workaround into existing cookie docs
➕ Keeps all cookie guidance in one place
➕ Fewer documentation pages to maintain
➖ Makes the main cookie page longer and easier to miss for non-iOS readers
➖ Harder to expand with platform nuance (multi-tenant considerations, anti-patterns) without clutter
2. Provide a reusable helper/factory for NSUrlSessionHandler configuration (code-side)
➕ Reduces copy/paste of the handler configuration snippet
➕ Encapsulates platform-specific configuration for consumers
➖ Requires product/API changes and release coordination beyond documentation scope
➖ May not fit all app architectures (DI, custom handlers, multiple clients)
Recommendation: The chosen approach (a dedicated iOS/MAUI cookie-handling doc plus cross-links from the relevant pages) is the best fit for a docs-only PR: it keeps platform-specific details discoverable without cluttering general guidance, and it provides a clear root-cause explanation, a concrete workaround, and a security note on multi-tenant safety.
Files changed (3) +45 / -1
Documentation (3) +45 / -1
configuration.mdLink CookieContainer option docs to iOS/MAUI cookie workaround+1/-1
Link CookieContainer option docs to iOS/MAUI cookie workaround
• Updates the 'CookieContainer' client option description to reference the new iOS/Mac Catalyst cookie-handling guide. Clarifies that platform-specific setup may be required to receive 'Set-Cookie' headers.
ios-maui-cookies.mdAdd iOS/Mac Catalyst guide for missing Set-Cookie headers+40/-0
Add iOS/Mac Catalyst guide for missing Set-Cookie headers
• Introduces a new page explaining why 'Set-Cookie' headers do not appear on iOS/Mac Catalyst due to 'NSURLSession' cookie interception. Provides a 'ConfigureMessageHandler' snippet to disable system cookie storage, plus guidance on multi-tenant safety and an explicit anti-pattern warning.
request.mdAdd iOS/Mac Catalyst note for empty RestResponse.Cookies+4/-0
Add iOS/Mac Catalyst note for empty RestResponse.Cookies
• Adds a platform note warning that 'RestResponse.Cookies' may be empty on iOS/Mac Catalyst even for successful requests. Links readers to the new iOS/MAUI cookie-handling workaround page.
The iOS/MAUI workaround example replaces the internally configured HttpClientHandler via
ConfigureMessageHandler, so handler-scoped RestClientOptions (proxy, credentials, decompression,
certificate validation callback, client certificates, etc.) will no longer apply. Users following
the snippet can get unexpected runtime behavior because RestSharp configures the original handler
before invoking ConfigureMessageHandler, and any returned new handler bypasses that configuration.
+var options = new RestClientOptions(baseUrl) {+ ConfigureMessageHandler = _ => {+ var config = NSUrlSessionConfiguration.DefaultSessionConfiguration;+ config.HttpCookieStorage = null;+ config.HttpCookieAcceptPolicy = NSHttpCookieAcceptPolicy.Never;+ return new NSUrlSessionHandler(config);+ }
Evidence
The new doc returns a brand-new handler, but RestSharp only applies handler-level options to the
initially created HttpClientHandler and then swaps it out if ConfigureMessageHandler returns
something else, which means those options don’t carry over to the replacement handler.
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution
## Issue description
The iOS/MAUI cookie workaround doc recommends returning a new `NSUrlSessionHandler` from `RestClientOptions.ConfigureMessageHandler`. Doing so replaces the `HttpClientHandler` that RestSharp already configured from `RestClientOptions`, which can silently drop important handler-level settings (proxy, credentials, decompression, cert validation callbacks, client certificates, etc.).
### Issue Context
- RestSharp constructs a `HttpClientHandler`, configures it from `RestClientOptions`, then calls `ConfigureMessageHandler` and uses the returned handler for `HttpClient`.
- If the callback returns a different handler instance, the earlier configuration is not applied to the new handler.
### Fix Focus Areas
- docs/docs/advanced/ios-maui-cookies.md[13-31]
### Suggested change
1. Keep the workaround, but add an explicit note immediately after the snippet explaining that this *replaces* RestSharp’s configured handler.
2. List the key impacted options (Proxy, Credentials/UseDefaultCredentials, AutomaticDecompression, RemoteCertificateValidationCallback, ClientCertificates, etc.).
3. Provide guidance: users who rely on those settings must re-apply equivalent configuration to the new `NSUrlSessionHandler` (or alternatively build and pass a fully configured `HttpClient`/handler chain themselves).
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #2387
Adds a new "iOS / MAUI Cookie Handling" page under Advanced topics, explaining why
Set-Cookieheaders are missing on iOS/Mac Catalyst and how to fix it.Description
docs/docs/advanced/ios-maui-cookies.mdSet-CookieintoNSHTTPCookieStoragebefore .NET sees it), and the fix viaConfigureMessageHandlerUseCookies = truewith a sharedCookieContainerdocs/docs/advanced/configuration.md(CookieContaineroption row)docs/docs/usage/request.md(Cookies section)The recipe code block matches the one provided in the issue.
This is a docs-only change — no source or test files were touched.
Purpose
This pull request is a:
Checklist