Skip to content

Commit

Permalink
Merge pull request #1762 from Leafly-com/fix-cookie-header
Browse files Browse the repository at this point in the history
fix(cookies): parse header correctly when merging cookies
  • Loading branch information
titanism authored Jan 25, 2023
2 parents bc627ea + 4aac580 commit 4268ae4
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/node/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -855,8 +855,8 @@ Request.prototype.request = function () {
if (hasOwn(this._header, 'cookie')) {
// merge
const temporaryJar = new CookieJar.CookieJar();
temporaryJar.setCookies(this._header.cookie.split(';'));
temporaryJar.setCookies(this.cookies.split(';'));
temporaryJar.setCookies(this._header.cookie.split('; '));
temporaryJar.setCookies(this.cookies.split('; '));
req.setHeader(
'Cookie',
temporaryJar.getCookies(CookieJar.CookieAccessInfo.All).toValueString()
Expand Down
20 changes: 20 additions & 0 deletions test/node/agency.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ const request = require('../support/client');
const assert = require('assert');
const should = require('should');
const cookieParser = require('cookie-parser');
const cookiejar = require('cookiejar');
const session = require('express-session');
let http = require('http');

Expand Down Expand Up @@ -42,6 +43,10 @@ app.get('/getcookie', (request_, res) => {
res.status(200).send(request_.cookies.cookie);
});

app.get('/cookieheader', (request_, res) => {
res.status(200).send(request_.headers.cookie);
});

app.get('/dashboard', (request_, res) => {
if (request_.session.user) return res.status(200).send('dashboard');
res.status(401).send('dashboard');
Expand Down Expand Up @@ -120,6 +125,21 @@ describe('request', () => {
assert.strictEqual(res.text, 'jar');
}));

it('should produce a valid cookie header', (done) => {
agent4
.set('Cookie', 'first_cookie=dummy; cookie=jam')
.get(`${base}/cookieheader`)
.then((res) => {
const cookiePairs = res.text.split('; '); // https://httpwg.org/specs/rfc6265.html#rfc.section.4.2.1
assert.deepStrictEqual(cookiePairs, [
'first_cookie=dummy',
'cookie=jar',
`connect.sid=${agent4.jar.getCookie('connect.sid', cookiejar.CookieAccessInfo.All).value}`,
]);
done();
});
});

it('should not share cookies between domains', () => {
assert.equal(agent4.get('https://google.com').cookies, "");
});
Expand Down

0 comments on commit 4268ae4

Please sign in to comment.