-
-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Koa should strip quotes for returned cookie values #1561
Comments
naruaway
changed the title
Koa should strip quotes when returning cookie value
Koa should strip quotes for returned cookie values
Sep 3, 2021
Sure, whenever there's a 0.9 release I'll bump cookies version in master. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some web framework sometimes uses "quoted-string" as defined in RFC 2965 as a cookie value and it causes web browsers to send a header like
Cookie: my_value_a=x; my_value_b="abc:def:xyz";
.In this case,
ctx.cookies.get("my_value_b")
returns"abc:def:xyz"
rather thanabc:def:xyz
(no quotes), which is not developer friendly and error-prone when dealing with cookies from other web frameworks.Since both Django and Express are automatically stripping quotes under the hood (see this PR for details), I think koa should also automatically strip quotes for cookie values.
Possible solutions
cookies
npm package, which is used in koa. If this gets accepted, we can just bump up the version ofcookies
npm package.The text was updated successfully, but these errors were encountered: