Closed etinquis closed 3 months ago
I had the same issue. After checking the createCors
implementation I found the lines that may be causing this issue:
// Return new response with CORS headers.
return new Response(body, {
status,
headers: {
...Object.fromEntries(headers),
...rHeaders,
...allowOrigin,
'content-type': headers.get('content-type'),
},
})
To add multiple headers with the same name I had to use the headers.append
method, so I believe that those lines should use this function instead. Later today I might create a PR to fix this, but I cannot do that atm
This has been addressed in the upcoming cors
rewrite #226. :)
Thanks for the investigation and discussion - it was hugely instrumental to make sure these edge cases were covered!
That said, it's a bit of a good-news/bad-news situation.
Stay tuned!
This has been fully addressed in the v5 release! Thanks again all!
Describe the Issue
When calling corsify on a response with multiple Set-Cookie headers, only one will be preserved.
Example Router Code
Expected Behavior
All Set-Cookie headers (and maybe any other duplicate headers?) should be preserved.
Actual Behavior
Only one Set-Cookie header is kept in the resulting response.
Environment (please complete the following information):