Ensure cookies set by middleware are included in error page responses

[matthewp]

If the user adds a cookie in middleware, but the result of rendering is an error page (404 or 500), currently those cookies are not preserved. This ensures that they are by merging the Set-Cookie header properly.

Changes

• Improves mergeResponses in BaseApp to properly transfer AstroCookies from the original response to the merged response during error page rendering
• Replaces Map-based header merging with headers.append() to correctly preserve multi-value headers like Set-Cookie

Testing

• Added 3 unit tests in test/units/middleware/middleware-app.test.js covering cookie preservation when middleware returns Response(null, { status: 404 }), Response(null, { status: 500 }), and multiple cookies through sequenced middleware

Docs

No docs changes needed.

[changeset-bot]

🦋 Changeset detected

Latest commit: 0f7d5d0

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codspeed-hq]

Merging this PR will not alter performance

✅ 18 untouched benchmarks

---

_{Comparing fix/bugbot-100 (0f7d5d0) with main (e6e146c)¹}

Footnotes

1. No successful run was found on main (29682f3) during the generation of this report, so e6e146c was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩