Open motss opened 11 months ago
I'm seeing the same issue, is there any way to resolve this?
I met the same and I could fix it.
My cases is vitest.
I could fix by configuring url to https
url.
environmentOptions: {
happyDOM: {
url: "https://localhost:3000",
},
},
Possibly your tests are running on not https://
location.
If a cookie was marked secure on http://
page, it is ignored by browser.
This isn't happy-dom issue.
A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. It's never sent with unsecured HTTP (except on localhost), which means man-in-the-middle attackers can't access it easily. Insecure sites (with http: in the URL) can't set cookies with the Secure attribute. However, don't assume that Secure prevents all access to sensitive information in cookies. For example, someone with access to the client's hard disk (or JavaScript if the HttpOnly attribute isn't set) can read and modify the information.
That's a happy-dom issue because localhost is a secure context.
Describe the bug When setting a document.cookie with
Secure;
,document.cookie
will become an empty string.To Reproduce The following reduced test case shows that
Secure;
is not supported:Expected behavior When running
document.cookie = 'a=a; Secure; SameSite=Strict; path=/';
,document.cookie
should returna=a
instead of''
.Screenshots
N/A
Device:
12.10.3
EnvInfo:
Additional context
N/A