Skip to content

Commit 4aac580

Browse files
wilsonjacksonwilsonjackson
committedJan 25, 2023
fix(cookies): parse header correctly when merging cookies
·
v10.2.0v8.0.9
1 parent bc627ea commit 4aac580

File tree

2 files changed

+22
-2
lines changed

2 files changed

+22
-2
lines changed
 

‎src/node/index.js

+2-2
Original file line numberDiff line numberDiff line change
@@ -855,8 +855,8 @@ Request.prototype.request = function () {
855855
if (hasOwn(this._header, 'cookie')) {
856856
// merge
857857
const temporaryJar = new CookieJar.CookieJar();
858-
temporaryJar.setCookies(this._header.cookie.split(';'));
859-
temporaryJar.setCookies(this.cookies.split(';'));
858+
temporaryJar.setCookies(this._header.cookie.split('; '));
859+
temporaryJar.setCookies(this.cookies.split('; '));
860860
req.setHeader(
861861
'Cookie',
862862
temporaryJar.getCookies(CookieJar.CookieAccessInfo.All).toValueString()

‎test/node/agency.js

+20
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ const request = require('../support/client');
99
const assert = require('assert');
1010
const should = require('should');
1111
const cookieParser = require('cookie-parser');
12+
const cookiejar = require('cookiejar');
1213
const session = require('express-session');
1314
let http = require('http');
1415

@@ -42,6 +43,10 @@ app.get('/getcookie', (request_, res) => {
4243
res.status(200).send(request_.cookies.cookie);
4344
});
4445

46+
app.get('/cookieheader', (request_, res) => {
47+
res.status(200).send(request_.headers.cookie);
48+
});
49+
4550
app.get('/dashboard', (request_, res) => {
4651
if (request_.session.user) return res.status(200).send('dashboard');
4752
res.status(401).send('dashboard');
@@ -120,6 +125,21 @@ describe('request', () => {
120125
assert.strictEqual(res.text, 'jar');
121126
}));
122127

128+
it('should produce a valid cookie header', (done) => {
129+
agent4
130+
.set('Cookie', 'first_cookie=dummy; cookie=jam')
131+
.get(`${base}/cookieheader`)
132+
.then((res) => {
133+
const cookiePairs = res.text.split('; '); // https://httpwg.org/specs/rfc6265.html#rfc.section.4.2.1
134+
assert.deepStrictEqual(cookiePairs, [
135+
'first_cookie=dummy',
136+
'cookie=jar',
137+
`connect.sid=${agent4.jar.getCookie('connect.sid', cookiejar.CookieAccessInfo.All).value}`,
138+
]);
139+
done();
140+
});
141+
});
142+
123143
it('should not share cookies between domains', () => {
124144
assert.equal(agent4.get('https://google.com').cookies, "");
125145
});

0 commit comments

Comments
 (0)
Please sign in to comment.