vapor / http

🚀 Non-blocking, event-driven HTTP built on Swift NIO.
MIT License

Set-Cookie header contains duplicate cookies when adding more than one value #339

Closed joewalsh closed 5 years ago

joewalsh commented 5 years ago

It seems that every time a cookie value is added to response.http.cookies, all of the cookies are appended to the Set-Cookie response header.

So if I have cookies[a] = 1, then do cookies[b] = 2, the resulting header is Set-Cookie: a,a,b

If I then do cookies[c] = 3, the result is Set-Cookie: a,a,b,a,b,c and so on.

My specific case is a Vapor 3 app using SessionsMiddleware. I added another middleware, CSRFMiddleware:

```swift
import Vapor

final class CSRFMiddleware: Middleware, ServiceType {
    static func makeService(for container: Container) throws -> Self {
        return .init()
    }

    func respond(to req: Request, chainingTo next: Responder) throws -> EventLoopFuture<Response> {
        return try next.respond(to: req).map { res in
            res.http.cookies["csrf"] = HTTPCookieValue(string: "nope", expires: nil, maxAge: nil, domain: nil, path: nil, isSecure: false, isHTTPOnly: false, sameSite: nil)
            return res
        }
    }
}
```

In configure.swift:

```swift
services.register(CSRFMiddleware.self)
...
middlewares.use(CSRFMiddleware.self)
middlewares.use(SessionsMiddleware.self)
```

Let me know if this is an invalid setup or there's something else I'm missing.
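
The behaviour described in this report, as an added example (not code from the issue or from Vapor): a simplified model in which every cookie assignment re-serializes all stored cookies into Set-Cookie lines, once without and once with removal of the stale lines, plus a duplicate-name check usable as a regression assertion. `ModelResponse`, `setCookie`, `replaceOnSet` and `duplicateCookieNames` are hypothetical names, and one header line per cookie is an assumption of the model.

```swift
// Simplified model of a response's header list; NOT Vapor's implementation.
struct ModelResponse {
    private(set) var headers: [(name: String, value: String)] = []
    private var cookies: [(name: String, value: String)] = []
    let replaceOnSet: Bool  // false = the behaviour reported in this issue

    init(replaceOnSet: Bool) { self.replaceOnSet = replaceOnSet }

    mutating func setCookie(_ name: String, _ value: String) {
        // Keep at most one stored value per cookie name.
        cookies.removeAll { $0.name == name }
        cookies.append((name: name, value: value))
        if replaceOnSet {
            // Expected behaviour: drop stale Set-Cookie lines before re-serializing.
            headers.removeAll { $0.name.lowercased() == "set-cookie" }
        }
        // Serialize every stored cookie as its own Set-Cookie line.
        for cookie in cookies {
            headers.append((name: "Set-Cookie", value: "\(cookie.name)=\(cookie.value)"))
        }
    }

    // Cookie names in the order they appear in the Set-Cookie lines.
    var cookieNames: [String] {
        return headers
            .filter { $0.name.lowercased() == "set-cookie" }
            .map { header in String(header.value.prefix(while: { $0 != "=" })) }
    }
}

// Names that occur in more than one Set-Cookie line.
func duplicateCookieNames(_ names: [String]) -> [String] {
    var counts: [String: Int] = [:]
    for name in names { counts[name, default: 0] += 1 }
    return counts.filter { $0.value > 1 }.keys.sorted()
}

// Constructed sample input: the three assignments from the report.
for replace in [false, true] {
    var res = ModelResponse(replaceOnSet: replace)
    res.setCookie("a", "1")
    res.setCookie("b", "2")
    res.setCookie("c", "3")
    print(replace ? "replace:" : "append: ",
          res.cookieNames.joined(separator: ","),
          "duplicates:", duplicateCookieNames(res.cookieNames))
}
```

The same duplicate-name check can be pointed at the Set-Cookie lines of a real response in an integration test, which matters most when one of the repeated names is the session or CSRF cookie.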