Handle cookies with Response

[Hebilicious]

Describe the feature

Disclaimer

Technically end-users should use the setCookie helpers and wouldn't try to manually set cookies on a Response objects.
This is more intended for integrating h3 with libraries that returns a Response object.

There's an issue with the Response implementation here #436 (and the other approaches I've tried) due to the way set-cookie and Headers are implemented in various runtimes.

The problematic code looks like this :

  for (const [key, value] of response.headers)
    event.node.res.appendHeader(key, value)

This behaves differently in different runtime. For example, in deno, response.headers will return multiple key/value pair with the same key named "set-cookie" but a different header value; whereas another runtime might return a comma separated string that can't be parsed easily, as comma themselves are valid character within the header.
This thread gives a good overview of the issue.
It looks like getSetCookie was implemented in the fetch spec to address the issues, but unfortunately it isn't implemented consistently in server runtimes, and only works for node 19 +.

To handle this with h3 without writing platform specific code, we could use splitCookieString to do that.

An alternative would be to detect the runtime (std-env ...) and deal with the set-cookie header differently according to the runtime specification.

Additional information

• Would you be willing to help implement this feature?