Closed diegodlh closed 1 year ago
This suddenly introduces a new issue in our code:
Set-Cookie is a forbidden response-header name: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie https://fetch.spec.whatwg.org/#forbidden-response-header-name
I'm using @maxlath's wikibase-edit module which depends on cross-fetch, which in turn depends on github/fetch.
I'm developing a plugin for Zotero, which runs on Firefox's runtime environment.
At some point, an
XMLHttpRequest
is sent, which returns a response with multiple "set-cookie" headers. For some reason, these headers are concatenated (bygetAllResponseHeaders()
andgetResponseHeader()
) with\n
instead of with\n\t
or,
. As a result,parseHeaders
fails withInvalid character in header field name
.I tried running some test requests on a recent Firefox browser (v85.0). I used Firefox's Browser Toolbox to debug the browser's main process, because otherwise
getAllResponseHeaders
andgetResponseHeader
would ignoreset-cookie
headers. I set up an Apache web server to send duplicateset-cookie
andMyHeader
headers. In Apache config file:Interestingly, whereas
getResponseHeader('set-cookie')
returns:getResponseHeader('MyHeader')
successfully returnsvalue1, value2
.I don't know enough about the HTTP protocol to understand if this is a bug in Firefox, or if it is an accepted behavior and should be handled by github/fetch.
I understand this may be related to #489.