[FEATURE] Add cookie-based resolvers for request validation #1985
Description
Why do we need this improvement?
The request validation middleware currently supports resolving values from sources such as headers, query parameters, and path parameters, but it does not support resolving values from cookies.
Many real-world APIs rely on cookies for authentication and contextual data (e.g. session identifiers, CSRF tokens, tenant or locale information). Because cookie-based resolvers are missing, request validation is incomplete and does not accurately reflect how APIs are used in practice.
There is also an explicit TODO in the validation middleware indicating that cookie-based resolvers are planned but not yet implemented, which highlights this as a known feature gap.
How will this change help?
Adding cookie-based resolvers will make request validation more complete and realistic by allowing the validator to extract and validate values from HTTP cookies.
This will:
- Improve correctness of request validation
- Align CLI behavior with real API usage patterns
- Enable validation of cookie-based authentication and contextual data
- Reduce discrepancies between documented schemas and runtime behavior
Screenshots
How could it be implemented/designed?
The validation middleware already uses resolvers to extract values from specific request sources (such as headers, query parameters, and path parameters). Cookie-based resolvers could follow the same pattern by:
- Parsing the
Cookieheader into key–value pairs - Allowing the validator to resolve values from cookies using the existing resolver interface
- Treating cookies as an optional resolver source, similar to headers or query parameters
This could be implemented via:
- A dedicated cookie resolver module
- Integration into the existing resolver selection logic
- Unit tests covering valid, missing, and malformed cookie scenarios
The design should remain backward compatible, as cookie resolution would only apply when explicitly required by validation rules.
🚧 Breaking changes
No
👀 Have you checked for similar open issues?
- I checked and didn't find a similar issue
🏢 Have you read the Contributing Guidelines?
- I have read the Contributing Guidelines
Are you willing to work on this issue?
Yes I am willing to submit a PR!