[Edge] Set-Cookie headers are concatenated

sst / open-next

Open source Next.js serverless adapter

https://open-next.js.org

MIT License

3.7k stars 111 forks source link

[Edge] Set-Cookie headers are concatenated #386

Closed dg-lucasvieira closed 3 months ago

dg-lucasvieira commented 3 months ago

Issue

When the Next.js App is deployed to AWS Lambda@Edge and there is more than one set-cookie header in the response, the CloudFront response concatenates the entries into one set-cookie item.

Example

Header: set-cookie: test=1; Path=/; HttpOnly; Secure; SameSite=None, test=2; Path=/; HttpOnly; Secure; SameSite=None

and it should be:

set-cookie: test=1; Path=/; HttpOnly; Secure; SameSite=None set-cookie: test=2; Path=/; HttpOnly; Secure; SameSite=None

khuezy commented 3 months ago

Hi thanks for the report. Is this specific to L@E or does this happen everywhere?

lucasvieirasilva commented 3 months ago

I've only tested in the L@E, but looking at OpenNext's code the other places seem to be right.

I've raise a PR for that https://github.com/sst/open-next/pull/387

lucasvieirasilva commented 3 months ago

@conico974 thanks for merging and releasing the PR, I guess we can close this issue now

conico974 commented 3 months ago

Fixed in open-next@2.3.8 by https://github.com/sst/open-next/pull/387