From 4aac580bc53e847a8d8fb8871876196494f278fc Mon Sep 17 00:00:00 2001
From: Majid Burney
Date: Wed, 25 Jan 2023 11:39:46 -0800
Subject: [PATCH] fix(cookies): parse header correctly when merging cookies
---
 src/node/index.js | 4 ++--
 test/node/agency.js | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/node/index.js b/src/node/index.js
index ed1e46578..c08c39027 100644
--- a/src/node/index.js
+++ b/src/node/index.js
@@ -855,8 +855,8 @@ Request.prototype.request = function () {
 if (hasOwn(this._header, 'cookie')) {
 // merge
 const temporaryJar = new CookieJar.CookieJar();
- temporaryJar.setCookies(this._header.cookie.split(';'));
- temporaryJar.setCookies(this.cookies.split(';'));
+ temporaryJar.setCookies(this._header.cookie.split('; '));
+ temporaryJar.setCookies(this.cookies.split('; '));
 req.setHeader(
 'Cookie',
 temporaryJar.getCookies(CookieJar.CookieAccessInfo.All).toValueString()
diff --git a/test/node/agency.js b/test/node/agency.js
index 198ba0688..dbe8fa958 100644
--- a/test/node/agency.js
+++ b/test/node/agency.js
@@ -9,6 +9,7 @@ const request = require('../support/client');
 const assert = require('assert');
 const should = require('should');
 const cookieParser = require('cookie-parser');
+const cookiejar = require('cookiejar');
 const session = require('express-session');
 let http = require('http');
@@ -42,6 +43,10 @@ app.get('/getcookie', (request_, res) => {
 res.status(200).send(request_.cookies.cookie);
 });
+app.get('/cookieheader', (request_, res) => {
+ res.status(200).send(request_.headers.cookie);
+});
+
 app.get('/dashboard', (request_, res) => {
 if (request_.session.user) return res.status(200).send('dashboard');
 res.status(401).send('dashboard');
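Review bot: In the `src/node/index.js` hunk, splitting `this._header.cookie` on the exact string `'; '` assumes the caller-supplied Cookie header is already in canonical RFC 6265 form; a value set as `a=1;b=2` (no space after the semicolon) stays a single element, and the jar's parser will presumably read the second pair as an attribute of the first and drop it from the merged header. Since that header comes from application code via `.set('Cookie', ...)` rather than from the jar, a tolerant split such as `this._header.cookie.split(';').map((pair) => pair.trim()).filter(Boolean)` would accept both forms; `this.cookies` is presumably jar-generated, so the strict split is probably fine there. The added test only covers the well-formed `'; '` case. `Request.prototype.request` starts and ends outside the hunk.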
@@ -120,6 +125,21 @@ describe('request', () => {
 assert.strictEqual(res.text, 'jar');
 }));
+ it('should produce a valid cookie header', (done) => {
+ agent4
+ .set('Cookie', 'first_cookie=dummy; cookie=jam')
+ .get(`${base}/cookieheader`)
+ .then((res) => {
+ const cookiePairs = res.text.split('; '); // https://httpwg.org/specs/rfc6265.html#rfc.section.4.2.1
+ assert.deepStrictEqual(cookiePairs, [
+ 'first_cookie=dummy',
+ 'cookie=jar',
+ `connect.sid=${agent4.jar.getCookie('connect.sid', cookiejar.CookieAccessInfo.All).value}`,
+ ]);
+ done();
+ });
+ });
+
 it('should not share cookies between domains', () => {
 assert.equal(agent4.get('https://google.com').cookies, "");
 });
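Review bot: The `.then` chain in the new `should produce a valid cookie header` test has no rejection handler, so a failing `assert.deepStrictEqual` never reaches `done()` and the test ends in a timeout instead of reporting the assertion diff; appending `.catch(done)` after the `.then(...)`, or dropping `(done)` and returning the promise, would surface the real failure. The expected `'cookie=jar'` differs from the `cookie=jam` the test sets, which presumably relies on the value stored in `agent4`'s jar by an earlier test overriding the header value; a comment such as `// the jar's cookie=jar (set by an earlier test) overrides the header's cookie=jam` would make that order dependence explicit. The `describe('request', ...)` block starts and ends outside the hunk.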