New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable loose cookie parsing in tough-cookie #1811
Conversation
Thanks, @Sebmaster, I just subscribed to the tough-cookie's PR thread. @lalitkapoor want to chime in? |
tough-cookie@2.2.0 now has the two PRs by @Sebmaster, specifically the changes to Tangental, but FYI: tough-cookie@2.1.0 updated the embedded public suffix list. Even if you don't want the loose parsing mode, |
thanks @stash-sfdc I'll review these shortly. Looks like we are already at 2.1.0. @greenkeeperio-bot will keep us notified when there is an updated :) |
greenkeeper doing its thing: #1824 👍 |
This makes sense to me. We want to be reasonably flexible, and since most browsers are lenient in this manner. By default, request should be as well. In the future it would be nice to eventually be able to specify these sort of things in a request option somewhere (in case someone does want to be strict). Letting it sit for a day to give anyone else some time to chime in on this. Looks good to me. 👍 Thanks for the pr @Sebmaster :) |
After thinking this through a bit more with @domenic, it seems like providing Instead, I'd suggest only enabling For more explanation regarding the inconsistencies:
|
@Sebmaster Just for reference I'm leaving a note to also look at your comments here - jsdom/jsdom#1255 |
tough-cookie 2.1.0 got a loose cookie mode which is more how browsers actually behave. It implies an empty key for value-only cookies.
Updated the PR to not force loose mode on the cookie jar, but instead create all cookie jars with loose mode enabled. |
@Sebmaster is this reviewable again? And what did you change from before? Removed the loose option in setCookie? Thanks. |
@lalitkapoor that was my thinking, @Sebmaster probably it would be better to keep all commits in PRs at least until prior merging, otherwise the conversation seems broken, and you can't diff between the changes. |
Sorry about that. Only removed the |
Enable loose cookie parsing in tough-cookie
👍 |
tough-cookie 2.1.0 got a loose cookie mode which is more how browsers actually behave. It implies an empty key for value-only cookies.
Not sure how request handles strict spec-compliance vs. practicality, so I thought I'd just get this started with a PR.