Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: warn on invalid cookie name characters #12806

Merged
merged 7 commits into from
Nov 5, 2024
Merged

fix: warn on invalid cookie name characters #12806

merged 7 commits into from
Nov 5, 2024
+16 −0

Conversation

eltigerchino
Copy link
Member

@eltigerchino eltigerchino commented Oct 14, 2024
edited
Loading

closes #12799

Adds a warning at dev time of which characters in the cookie name are invalid according to the RFC

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

  • Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

Sorry, something went wrong.

@eltigerchino
thanks to rich for the error message
Loading
Loading status checks…
99f4272
@eltigerchino
add todo
Loading
Loading status checks…
eed52f6
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 14, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 7756acc

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@eltigerchino
changeset
Loading
Loading status checks…
2dabc6d
@eltigerchino eltigerchino changed the title chore: warn on invalid cookie name character chore: warn on invalid cookie name characters Oct 14, 2024
@eltigerchino eltigerchino changed the title chore: warn on invalid cookie name characters fix: warn on invalid cookie name characters Oct 14, 2024
@eltigerchino
Update .changeset/old-points-tell.md

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
5267306
@eltigerchino
remove unused import
Loading
Loading status checks…
7756acc
dummdidumm
dummdidumm reviewed Oct 14, 2024
View reviewed changes
packages/kit/src/runtime/server/cookie.js
@@ -113,6 +116,14 @@ export function get_cookies(request, url, trailing_slash) {
* @param {import('./page/types.js').Cookie['options']} options
*/
set(name, value, options) {
// TODO: remove this check in 3.0
const illegal_characters = name.match(INVALID_COOKIE_CHARACTER_REGEX);
if (illegal_characters) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we only warn once per cookie name? Else you might get flooded depending on how often you use them

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dunno. We really don't want folks to miss this or their apps will break. If it's just one line in a thousand that their app logs then they might overlook it. I don't think this is terrible. Most people won't be affected, but we really do want folks to see it when they are

@benmccann benmccann merged commit 951224d into main Nov 5, 2024
13 checks passed
@benmccann benmccann deleted the warn-cookie-name branch November 5, 2024 00:44
@github-actions github-actions bot mentioned this pull request Nov 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dummdidumm dummdidumm

@benmccann benmccann

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Warn on invalid cookie name
3 participants
@eltigerchino @benmccann @dummdidumm