Incompatibility with Fetch API #13
Comments
That's a good point, this was written before However, it also accepts a single

If you'd like to send a PR to make it recognize fetch-style responses, that'd be welcome also ;)

It doesn't seem like passing the output from the fetch API works in all cases. It seems like "httponly" without a subsequent "=" will break the multi-cookie-parsing logic. Here's an example of what I'm seeing:
console.log(response.headers.get('Set-Cookie'));
> "anonymous=39070%3A0d96462004e99ee7c13af7d8ebd1bdffc9abf6b2c95070429a1737fe37f43154; expires=Wed, 12-Apr-2017 19:58:28 GMT; Max-Age=2591999; path=/~ashoat/squadcal/; domain=localhost; httponly, user=39071%3A9d3f1baa12032ce4a2120c0c72e75297f3620defaad8c09905c4d03a92c87aad; expires=Wed, 12-Apr-2017 19:58:29 GMT; Max-Age=2592000; path=/~ashoat/squadcal/; domain=localhost; httponly, anonymous=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/~ashoat/squadcal/; domain=localhost; httponly"
console.log(response.headers.getAll('Set-Cookie'));
// note that whole cookie string (including multiple cookies) is returned as one header by getAll
> ["anonymous=39070%3A0d96462004e99ee7c13af7d8ebd1bdffc9abf6b2c95070429a1737fe37f43154; expires=Wed, 12-Apr-2017 19:58:28 GMT; Max-Age=2591999; path=/~ashoat/squadcal/; domain=localhost; httponly, user=39071%3A9d3f1baa12032ce4a2120c0c72e75297f3620defaad8c09905c4d03a92c87aad; expires=Wed, 12-Apr-2017 19:58:29 GMT; Max-Age=2592000; path=/~ashoat/squadcal/; domain=localhost; httponly, anonymous=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/~ashoat/squadcal/; domain=localhost; httponly"]
// same result occurs with headers.getAll
console.log(setCookie.parse(response.headers.get('Set-Cookie')));
> [ { domain: "localhost", expires: "Wed Dec 31 1969 19:00:01 GMT-0500 (EST)", httpOnly: true,
"httponly, anonymous": "deleted", "httponly, user": "39071%3A9d3f1baa12032ce4a2120c0c72e75297f3620defaad8c09905c4d03a92c87aad", maxAge: 0, name: "anonymous", path: "/~ashoat/squadcal/", value: "39070:0d96462004e99ee7c13af7d8ebd1bdffc9abf6b2c95070429a1737fe37f43154" } ]
// note that only one cookie is returned, with keys like "httponly, user"

Oh, geez. I didn't realize that
setCookie.parse(response.headers.get('Set-Cookie').split(/, /g));

I think I found a better solution - using a for/of loop, it's possible to access each header individually:
var cookies = [];
// iterating the Headers object yields [name, value] pairs
for (var header of response.headers) {
  if (header[0] === 'set-cookie') {
    cookies.push(setCookie.parse(header[1]));
  }
}
console.log(cookies);

It looks like according to RFC 6265, only a single EDIT oops I may be wrong here - that's referring to the
This won't work because the "expires" clause can contain a comma, as it does in the example I gave above.
I don't follow the logic here - if there's only a single
You guessed it - I am using React Native. I use httponly cookies with browsers to prevent against XSS attacks (I assume you're doing the same). React Native ignores httponly, likely because XSS attacks aren't a thing in React Native.

Try the for/of loop for me, if that doesn't work, then I'm not sure what to say :(

Hey, My understanding is that

For the record: loop

Not Edit: I might be wrong there. Still worth a shot.

@nfriedly

@nfriedly

I found this discussion really helpful

Is there any magic that everyone can get Set-Cookie field except me?

@ceciliazcx The short version is that access to the set-cookie header is not allowed in the fetch spec, but Node.js and React Native go ahead and allow it anyways. If you're not in one of those two environments, though, you shouldn't expect to have access to the header. (To be clear, "regular" React running in a browser will not have access to the set-cookie header from a fetch request.) This library was intended for server side usage in Node.js, and then extended to work with React Native. You might be able to get it to work in other contexts, but it's not a guarantee.

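The thread above observes that splitting a combined Set-Cookie string on `, ` breaks because the expires date contains a comma, and that parsing the unsplit string leaves `httponly` fused into keys of a single cookie. The following is an added example, not code from set-cookie-parser or from any commenter: it splits only at commas that start a new `name=` pair and checks that each cookie keeps its own HttpOnly flag. The function names, the attribute allowlist and the sample header are assumptions constructed for illustration.

```javascript
// Added example; not part of set-cookie-parser. All names are hypothetical.
const ALLOWED_ATTRS = new Set(['expires', 'max-age', 'path', 'domain', 'samesite']);

// Constructed sample, shaped like the combined header quoted in this thread.
const SAMPLE =
  'anonymous=abc123; expires=Wed, 12-Apr-2017 19:58:28 GMT; Max-Age=2591999; ' +
  'path=/app/; domain=localhost; httponly, user=def456; ' +
  'expires=Wed, 12-Apr-2017 19:58:29 GMT; Max-Age=2592000; path=/app/; ' +
  'domain=localhost; httponly, anonymous=deleted; ' +
  'expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/app/; ' +
  'domain=localhost; httponly';

// Split only at commas followed by "name=". The comma in
// "expires=Wed, 12-Apr-2017 ..." is followed by a token that ends in a
// space rather than "=", so it is left alone.
function splitCombinedSetCookie(combined) {
  if (typeof combined !== 'string' || combined.trim() === '') return [];
  return combined.split(/,(?=\s*[^;,=\s]+=)/).map((s) => s.trim());
}

// Parse one cookie string; returns null when there is no name=value pair.
function parseOne(cookieStr) {
  const [pair, ...attrs] = cookieStr.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   httpOnly: false, secure: false };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    // Allowlist keeps unexpected attribute names off the result object.
    else if (i !== -1 && ALLOWED_ATTRS.has(key)) cookie[key] = attr.slice(i + 1).trim();
  }
  return cookie;
}

function parseCombinedSetCookie(combined) {
  return splitCombinedSetCookie(combined).map(parseOne).filter(Boolean);
}

console.log(parseCombinedSetCookie(SAMPLE));
```

The split is a heuristic: an unquoted cookie value that itself contains `, name=` would be split incorrectly, so reading each header separately is preferable wherever the environment exposes them that way.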
The cookie parser does not recognize response returned by the Fetch API. That makes it nearly impossible to use the library in browser/Node.js/React Native environments.
The library assumes response to be a plain object with the set-cookie property. However, the Fetch Response has a different interface: