Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netlify Adapter splits set-cookie headers at commas, disrupting the expires parameter #4087

Closed
Auroratide opened this issue Feb 23, 2022 · 1 comment · Fixed by #4096
Closed

Netlify Adapter splits set-cookie headers at commas, disrupting the expires parameter #4087

Auroratide opened this issue Feb 23, 2022 · 1 comment · Fixed by #4096
Labels
pkg:adapter-netlify
Milestone
1.0

Comments

@Auroratide
Copy link
Contributor

Describe the bug

Specifying the expires attribute when setting a cookie on an endpoint causes the Netlify Adapter to emit two set-cookie headers (neither with expiry) instead of one single header with the designated expiry. More specifically, a header like this:

set-cookie: flavor=chocolate%20chip; Expires=Wed, 23 Feb 2022 17:17:53 GMT

Gets converted into this:

set-cookie: flavor=chocolate%20chip; Expires=Wed
set-cookie: 23 Feb 2022 17:17:53 GMT

I suspect that the Netlify handler code is too simple, as it splits the set-cookie header at every comma. Since the date format requires a comma per the date specification, this means expiry gets split by the adapter.

The code under suspicion:

headers.forEach((value, key) => {
    if (key === 'set-cookie') {
        m[key] = value.split(', ');
    } else {
        h[key] = value;
    }
});

Reproduction

I have deployed a tiny app on Netlify showcasing the issue. It allows you to attempt to set and unset a flavor cookie, and if you observe the network request/response in the developer tools, you can see the cookie is not set correctly.

Logs

No response

System Info

System:
    OS: macOS 11.6.1
    CPU: (8) arm64 Apple M1
    Memory: 151.03 MB / 16.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 17.5.0 - /opt/homebrew/bin/node
    Yarn: 1.22.10 - /opt/homebrew/bin/yarn
    npm: 8.4.1 - /opt/homebrew/bin/npm
  Browsers:
    Chrome: 98.0.4758.102
    Firefox: 97.0.1
    Safari: 15.1
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.17 
    @sveltejs/adapter-netlify: ^1.0.0-next.46 => 1.0.0-next.46 
    @sveltejs/kit: next => 1.0.0-next.283 
    svelte: ^3.44.0 => 3.46.4

Severity

serious, but I can work around it

Additional Information

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pkg:adapter-netlify
Projects
None yet
Milestone
1.0
Development

Successfully merging a pull request may close this issue.

[fix] Use headers.raw() on split_headers JeanJPNM/kit
3 participants
@benmccann @geoffrich @Auroratide