You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we call the parse function with a cookie that contains the HttpOnly clause, it gets ignored.
constcookie=require("cookie");constparsedCookie=cookie.parse("Authentication=token; HttpOnly;",);console.log(parsedCookie.Authentication);// Works as expectedconsole.log(parsedCookie.HttpOnly);// Prints undefined
What do you think , should it be true instead of undefined?
The text was updated successfully, but these errors were encountered:
I think there must be a bug, also there are no test cases for this (AFAIK). So the fix for this might be considered as a major, as is changing the current behavior of the library?
Specifies the boolean value for the [HttpOnlySet-Cookie attribute][rfc-6265-5.2.6]. When truthy,
the HttpOnly attribute is set, otherwise it is not. By default, the HttpOnly attribute is not set.
I assume that we expected true in this case as the value is truthy.
Yeah, I took a quick look (not a deep dive) and I think it is a bug and so doesn't really need to be a major. As for the expectations, I think that you are reading that right and so your examples are correct expectations. I am not sure they are good expectations, and that maybe things should become more strict in the future, but that is not really required to address now imo.
When we call the
parse
function with a cookie that contains theHttpOnly
clause, it gets ignored.What do you think , should it be
true
instead ofundefined
?The text was updated successfully, but these errors were encountered: