AppSync in the response resolver to support "Set-cookie", and supporing httponly, maxAge, Secure, SameSite parameters

[yanlin96]

Is this related to a new or existing framework?

No, should be a AppSync only

Is this related to a new or existing API?

GraphQL API

Is this related to another service?

Cloudfront maybe

Describe the feature you'd like to request

Firstly, AppSync could have the ability to read the httponly cookie through the request headers;

Secondly, there is a use case that we want to set a httponly cookie in AppSync response resolver and send it back to the front end and reflect it in the browser. Currently, we have tried to use "$util.http.addResponseHeader("set-cookie":xxxxxxxxx)", however, after I set up a Nginx server with the same domain as AppSync locally, I could not see the cookie there in the response header.

Describe the solution you'd like

something similar like "$util.http.addResponseHeader("set-cookie":xxxxxxxxx)" with more parameters supported like httponly, secure, maxAge to put the set-cookie in the response header. And all resolvers should support that. Also need to considering integration with cloudfront and route53 maybe.

Describe alternatives you've considered

None

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

[benm5678]

Yes, completely agree...if it can already set other headers, is there some technical challenge to allow us to also return set-cookie?