Make Secure Cookies Available to Capacitor? #7690
gjb-amazon started this conversation in Ideas
Hi there! Something we've noticed in Capacitor on iOS is that, if we serve assets from the app bundle and we use the cookie plugin to patch document.cookie, any cookies that have the Secure flag are not provided to the web view when querying document.cookie. I believe this is because, when asking for cookies from HTTPCookieStorage, it takes the scheme of the URL into account when determining whether to return secure cookies or not. Since local assets use a custom scheme for loading, and this isn't considered a secure context, then secure cookies are not returned.

We could fix this by removing the Secure flag from our cookies, but since Capacitor syncs to the shared cookie storage and we use those cookies for other things in our app, we'd like to avoid that if possible. I'm wondering if you'd be open to a PR that would modify the URL provided to HTTPCookieStorage that would change the scheme to be https so secure cookies could be returned. I wanted to start a discussion here first to see if you're interested before I submit a PR, and to serve as a place to hash out some of the details (like, if you're interested in this, maybe you want it to be opt-in with a configuration option? not sure).

Thanks!