search

theodorejb / es-cookie

A simple, lightweight module for handling cookies
MIT License
45 stars 2 forks source link

Secure attribute breaks setter #9

Closed danew closed 4 years ago

danew commented 4 years ago

When using es-cookie to set a cookies value with the secure attribute the code fails on the majority of browsers I have tested, including the latest Chrome versions.

Here's an overview of the browsers I have tested: Browser Version Pass/Fail
Firefox 76.0.1 (64-bit) Fail
Firefox 77.0b3 (64-bit) Pass
Chrome Version 81.0.4044.138 (Official Build) (64-bit) Fail
Chrome Version 84.0.4143.0 (Official Build) canary (64-bit) Fail

Version: 1.2.0 and 1.3.2

Steps To Reproduce

  1. Add the follow test to test.ts 
    it('should write value "[object Object]" with Secure flag', function () {
Cookies.set('c', '[object Object]', { secure: true });
assert.strictEqual(Cookies.get('c'), '[object Object]');
});
  2. Run npm run prepublish; npm start; open http://localhost:8080/test/browser/

Link to code example: https://github.com/danew/es-cookie-test

The current behaviour

The cookie doesn't get set when using the secure attribute when it is set to true.

The expected behaviour

The cookie is correctly set when the secure attribute is set to true.

theodorejb commented 4 years ago

@danew I'm not sure I'd expect it to be set when you test it on an insecure connection. Try doing the same thing with the document.cookie API - I expect that you will get the same results.

danew commented 4 years ago

@danew I'm not sure I'd expect it to be set when you test it on an insecure connection. Try doing the same thing with the document.cookie API - I expect that you will get the same results.

Good call out. Reference:

Thanks for your help @theodorejb