diff --git a/lib/response.js b/lib/response.js
index 672e0ea93..0d4d69b76 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -20,12 +20,10 @@ var InternalServerError = errors.InternalServerError;
/**
* @private
* Headers that cannot be multi-values.
- * @see #779, don't use comma separated values for set-cookie
- * @see #986, don't use comma separated values for content-type
- * @see http://tools.ietf.org/html/rfc6265#section-3
+ * @see #779, multiple set-cookie values are allowed only as multiple headers.
+ * @see #986, multiple content-type values / headers disallowed.
*/
var HEADER_ARRAY_BLACKLIST = {
- 'set-cookie': true,
'content-type': true
};
@@ -188,7 +186,7 @@ function patch(Response) {
* // => { 'x-foo': ['a', 'b'] }
* @example
*
- * Note that certain headers like `set-cookie` and `content-type`
+ * Note that certain headers like `content-type`
* do not support multiple values, so calling `header()`
* twice for those headers will
* overwrite the existing value.
diff --git a/test/response.test.js b/test/response.test.js
index e5865cb36..0876228fe 100644
--- a/test/response.test.js
+++ b/test/response.test.js
@@ -623,3 +623,16 @@ test('GH-1429: setting code with res.status not respected', function(t) {
t.end();
});
});
+
+test('should support multiple set-cookie headers', function(t) {
+ SERVER.get('/set-cookie', function(req, res, next) {
+ res.header('Set-Cookie', 'a=1');
+ res.header('Set-Cookie', 'b=2');
+ res.send(null);
+ });
+
+ CLIENT.get(join(LOCALHOST, '/set-cookie'), function(err, _, res) {
+ t.equal(res.headers['set-cookie'].length, 2);
+ t.end();
+ });
+});
diff --git a/test/server.test.js b/test/server.test.js
index ec14d119b..0a5155978 100644
--- a/test/server.test.js
+++ b/test/server.test.js
@@ -2088,11 +2088,14 @@ test('gh-779 set-cookie fields should never have commas', function(t) {
CLIENT.get('/set-cookie', function(err, _, res) {
t.ifError(err);
t.equal(
- res.headers['set-cookie'].length,
- 1,
- 'set-cookie header should only have 1 element'
+ res.rawHeaders.filter(function(keyOrValue) {
+ return keyOrValue === 'set-cookie';
+ }).length,
+ 2,
+ 'multiple set-cookie headers should not be merged'
);
- t.equal(res.headers['set-cookie'], 'bar');
+ t.equal(res.headers['set-cookie'][0], 'foo');
+ t.equal(res.headers['set-cookie'][1], 'bar');
t.end();
});
});