Bug 247482

When you clear cookie (using regular Set-Cookie header with expiration in the past) with different configuration than how you set the cookies (HttpOnly configuration in our case), the cookie does not get cleared in the document.cookie JS API. This is what happens: - JavaScript document.cookie still has the unset cookies (incorrect) - HTTP Cookie header is not sending the unset cookies (correct) - When opening the same URL to new window, the document.cookie does not have the unset cookies (correct) Repro example - First set cookie with header `Set-Cookie: test=yes; Max-Age=1000000; path=/` - Observe that - document.cookie has `test` cookie - Cookie header sends `test` cookie - Then clear cookie with header `Set-Cookie: test=deleted; Max-Age=0; path=/; HttpOnly;` < notice the extra HttpOnly settings - Observe that - document.cookie still has `test` cookie (incorrect) - Cookie header does not send `test` cookie (correct) - When opening new tab on the same URL, the document.cookie does NOT have `test` cookie (correct) Video how it looks like: https://twitter.com/PetrHurtak/status/1588466286191063042 Reproduction example repository: https://github.com/Hurtak/safari-redirect-cookies-test I am able to reproduce this on - MacOS Safari 15.5 - MacOS Safari Technology Preview 16.4 - iOS 16 Safari