Closed kamituel closed 1 year ago
As per RFC 6265, specifically section 4.1.1, attributes in the Set-Cookie header should be separated by ; - a semicolon followed by a space:
Set-Cookie
;
set-cookie-string = cookie-pair *( ";" SP cookie-av )
However, the ring.middleware.cookies doesn't add any spaces:
ring.middleware.cookies
((wrap-cookies (fn [_] {:cookies {"a" {:value "b" :http-only true :same-site :none :secure true :max-age 500}}})) {}) => {:headers {"Set-Cookie" ("a=b;HttpOnly;SameSite=None;Secure;Max-Age=500")}}
Each attribute (or the attribute-value pair) is preceeded by a space. For example:
{:headers {"Set-Cookie" ("a=b; HttpOnly; SameSite=None; Secure; Max-Age=500")}}
Nice catch. Looks like this was changed from the previous RFC, and Ring wasn't updated accordingly.
The problem
As per RFC 6265, specifically section 4.1.1, attributes in the
Set-Cookie
header should be separated by;
- a semicolon followed by a space:However, the
ring.middleware.cookies
doesn't add any spaces:Expected behaviour
Each attribute (or the attribute-value pair) is preceeded by a space. For example: