search

elysiajs / elysia

Ergonomic Framework for Humans
https://elysiajs.com
MIT License
10.11k stars 214 forks source link

Cookie settings not used #519

Closed m1212e closed 1 month ago

m1212e commented 7 months ago

What version of Elysia.JS is running?

0.8.17

What platform is your computer?

No response

What steps can reproduce the bug?

Use this script and visit the page

import { Elysia, t } from "elysia";

const app = new Elysia({})

    .guard({
        cookie: t.Cookie(
            {
                sessionId: t.Optional(t.String()),
            },
            {
                httpOnly: true,
                maxAge: 60 * 60 * 24 * 7, // 7 days
                sameSite: "strict",
                secure: true,
                secrets: ["secret", "key"],
                sign: ["sessionId"],
                path: "/",
            },
        ),
    })
    .get("/", ({ cookie: { sessionId } }) => {
        if (sessionId.value === undefined) {
            sessionId.value = "1234";
        }
        return sessionId.value;
    })
    .listen(1234);

console.log(
    `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);

What is the expected behavior?

I'd expect the cookie header to contain the specified values and the cookie value to be signed.

What do you see instead?

Instead I just get the value:

HTTP/1.1 200 OK
set-cookie: sessionId=1234
content-type: text/plain;charset=utf-8
Date: Wed, 06 Mar 2024 20:51:58 GMT
Content-Length: 4

Additional information

Setting the cookie settings manually works: sessionId.httpOnly = true; but this way I cannot make use of elysias built in cookie sign feature.

A workaround would be to use this instead:

import { Elysia, t } from "elysia";

const app = new Elysia({
    cookie: {
        httpOnly: true,
        maxAge: 60 * 60 * 24 * 7, // 7 days
        sameSite: "strict",
        secure: true,
        secrets: ["secret", "key"],
        sign: ["sessionId"],
        path: "/",
    },
})
    .guard({
        cookie: t.Object({
            sessionId: t.Optional(t.String()),
        }),
    })
    .get("/", ({ cookie: { sessionId } }) => {
        if (sessionId.value === undefined) {
            sessionId.value = "1234";
            sessionId.httpOnly = true;
        }
        return sessionId.value;
    })
    .listen(1234);

console.log(
    `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);

ALSO: I'm not sure if this is related, but whenever there is already a cookie set and sent along in the request which issues the cookie, the same error appears, the cookie options are not set.

mdauthentic commented 4 months ago

I'm facing the same issue described by @m1212e above. Any fix for this?

SaltyAom commented 1 month ago

Unable to reproduce on the latest version (1.1.9) with the code you provided. Probably have been fixed with the previous subsequent versions of Elysia.

Closing as unable to reproduce and probably complete. If the problem still persist, feel free to reopen the issue.