Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix: Allow multiple unmerged set-cookie headers. (#1570)
  • Loading branch information
lrowe authored and William Blankenship committed Feb 9, 2018
1 parent 656e60e commit df04015
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 9 deletions.
8 changes: 3 additions & 5 deletions lib/response.js
Expand Up @@ -20,12 +20,10 @@ var InternalServerError = errors.InternalServerError;
/**
* @private
* Headers that cannot be multi-values.
* @see #779, don't use comma separated values for set-cookie
* @see #986, don't use comma separated values for content-type
* @see http://tools.ietf.org/html/rfc6265#section-3
* @see #779, multiple set-cookie values are allowed only as multiple headers.
* @see #986, multiple content-type values / headers disallowed.
*/
var HEADER_ARRAY_BLACKLIST = {
'set-cookie': true,
'content-type': true
};

Expand Down Expand Up @@ -188,7 +186,7 @@ function patch(Response) {
* // => { 'x-foo': ['a', 'b'] }
* @example
* <caption>
* Note that certain headers like `set-cookie` and `content-type`
* Note that certain headers like `content-type`
* do not support multiple values, so calling `header()`
* twice for those headers will
* overwrite the existing value.
Expand Down
13 changes: 13 additions & 0 deletions test/response.test.js
Expand Up @@ -623,3 +623,16 @@ test('GH-1429: setting code with res.status not respected', function(t) {
t.end();
});
});

test('should support multiple set-cookie headers', function(t) {
SERVER.get('/set-cookie', function(req, res, next) {
res.header('Set-Cookie', 'a=1');
res.header('Set-Cookie', 'b=2');
res.send(null);
});

CLIENT.get(join(LOCALHOST, '/set-cookie'), function(err, _, res) {
t.equal(res.headers['set-cookie'].length, 2);
t.end();
});
});
11 changes: 7 additions & 4 deletions test/server.test.js
Expand Up @@ -2088,11 +2088,14 @@ test('gh-779 set-cookie fields should never have commas', function(t) {
CLIENT.get('/set-cookie', function(err, _, res) {
t.ifError(err);
t.equal(
res.headers['set-cookie'].length,
1,
'set-cookie header should only have 1 element'
res.rawHeaders.filter(function(keyOrValue) {
return keyOrValue === 'set-cookie';
}).length,
2,
'multiple set-cookie headers should not be merged'
);
t.equal(res.headers['set-cookie'], 'bar');
t.equal(res.headers['set-cookie'][0], 'foo');
t.equal(res.headers['set-cookie'][1], 'bar');
t.end();
});
});
Expand Down

0 comments on commit df04015

Please sign in to comment.