Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

V5 Docs - PrefixSecurity #398

Merged
merged 3 commits into from
Apr 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions api/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ docs/*.md

# subsequent PRs will un-ignore areas that are under review until
# all docs are complete and we can drop this ignore file entirely
!docs/tough-cookie.prefixsecurity.md
!docs/tough-cookie.md
!docs/tough-cookie.store.md
!docs/tough-cookie.store.*
Expand Down
10 changes: 10 additions & 0 deletions api/docs/tough-cookie.md
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,16 @@ Description

</td><td>

Cookie prefixes are a way to indicate that a given cookie was set with a set of attributes simply by inspecting the first few characters of the cookie's name. These are defined in [RFC6265bis - Section 4.1.3](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-13#section-4.1.3)<!-- -->.

The following values can be used to configure how a [CookieJar](./tough-cookie.cookiejar.md) enforces attribute restrictions for Cookie prefixes:

- `silent` - Enable cookie prefix checking but silently ignores the cookie if conditions are not met. This is the default configuration for a [CookieJar](./tough-cookie.cookiejar.md)<!-- -->.

- `strict` - Enables cookie prefix checking and will raise an error if conditions are not met.

- `unsafe-disabled` - Disables cookie prefix checking.


</td></tr>
<tr><td>
Expand Down
2 changes: 1 addition & 1 deletion api/tough-cookie.api.md
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ export function permuteDomain(domain: string, allowSpecialUseDomain?: boolean):
// @public
export function permutePath(path: string): string[];

// @public (undocumented)
// @public
export const PrefixSecurityEnum: Readonly<{
SILENT: "silent";
STRICT: "strict";
Expand Down
13 changes: 13 additions & 0 deletions lib/cookie/constants.ts
Original file line number Diff line number Diff line change
@@ -1,3 +1,16 @@
/**
* Cookie prefixes are a way to indicate that a given cookie was set with a set of attributes simply by inspecting the
* first few characters of the cookie's name. These are defined in {@link https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-13#section-4.1.3 | RFC6265bis - Section 4.1.3}.
*
* The following values can be used to configure how a {@link CookieJar} enforces attribute restrictions for Cookie prefixes:
*
* - `silent` - Enable cookie prefix checking but silently ignores the cookie if conditions are not met. This is the default configuration for a {@link CookieJar}.
*
* - `strict` - Enables cookie prefix checking and will raise an error if conditions are not met.
*
* - `unsafe-disabled` - Disables cookie prefix checking.
* @public
*/
export const PrefixSecurityEnum = Object.freeze({
SILENT: 'silent',
STRICT: 'strict',
Expand Down
Loading