search

jshttp / cookie

HTTP server cookie parsing and serialization
MIT License
1.36k stars 159 forks source link

Incorrect parsing of cookies #212

Closed bytesnz closed 2 days ago

bytesnz commented 2 days ago

Just came across a set-cookie header value that is not correctly parsed by 1.0.1. Presuming it is due to the HttpOnly attribute. I'm using cookie to parse cookies received during testing API endpoints in node, hence the receiving the HttpOnly attribute

import cookie from 'cookie';

const cookies = cookie.parse('s=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Path=/; HttpOnly; SameSite=Strict, c=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy; Path=/; HttpOnly; SameSite=Strict');

results in

{
  s: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  Path: '/',
  SameSite: 'Strict, c=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy'
}
wesleytodd commented 2 days ago

This package does not parse the set-cookie header. https://github.com/jshttp/cookie?tab=readme-ov-file#cookieparsestr-options

wesleytodd commented 2 days ago

Maybe this will help? https://github.com/jshttp/cookie/pull/213

bytesnz commented 2 days ago

Maybe this will help? #213

Yeah, that quick note will be perfect. My bad for not looking at previous issues. :bow:

wesleytodd commented 2 days ago

No worries! It happens, and it spurred me to finally open that PR after seeing this question many times over many years. Cheers!