Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow multiple unmerged set-cookie headers. #1570

Merged
merged 2 commits into from Feb 9, 2018
Merged

fix: Allow multiple unmerged set-cookie headers. #1570

merged 2 commits into from Feb 9, 2018

Conversation

lrowe
Copy link
Contributor

@lrowe lrowe commented Nov 21, 2017

Pre-Submission Checklist

  • Opened an issue discussing these changes before opening the PR
  • Ran the linter and tests via make prepush
  • Included comprehensive and convincing tests for changes

Issues

Closes:

Changes

Fixes the fix for #779 to allow multiple set-cookie headers. The RFC only disallows these headers from being merged into a single header, it does not disallow multiple headers.

@DonutEspresso
Copy link
Member

DonutEspresso commented Nov 22, 2017
edited

Thanks for the PR! Oddly, this is the exact opposite of #779, but appears to have the desired behavior. Wonder if something in Node core changed where it knows about how to set multiple headers for certain headers (like cookies), rather than universally transforming multiple values into a comma delimited string.

Maybe @yunong can remember how the original issue was manifesting?

@lrowe
Copy link
Contributor Author

lrowe commented Nov 22, 2017

It looks like @yunong was wanting to avoid set-cookie headers being merged into a single header (as this is not valid per RFC.) Maybe this is something Restify did at one point? It looks like Node has supported Arrays for multiple header lines back to Sep 2010 nodejs/node-v0.x-archive@6560ab9 yet I see recent bugs like nodejs/node#3591 reporting that header merging is happening.

I've run this test script back to v0.10.48 and see an appropriate response with two separate Set-Cookie headers.

"use strict";

var http = require('http');
var port = 3000;

function requestHandler(request, response) {
  console.log(request.url);
  response.setHeader("Set-Cookie", ["a=1", "b=2"]);
  response.end('Hello Node.js Server!');
}

var server = http.createServer(requestHandler);

server.listen(port, function (err) {
  if (err) {
    return console.log('something bad happened', err);
  }

  console.log('server is listening on ' + port);
})

retrohacker
retrohacker approved these changes Nov 27, 2017
View reviewed changes
Copy link
Member

@retrohacker retrohacker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lrowe has extensively tested this across many versions of Node and it gives the desired behaviour. We have a test case in place to catch a regression from Node core if one happens.

If there are cases where Node core collapses Set-Cookie values into a comma separated list we can add a separate test for that in the future.

@DonutEspresso
Copy link
Member

LGTM

@retrohacker retrohacker merged commit df04015 into restify:master Feb 9, 2018
@dependabot-preview dependabot-preview bot mentioned this pull request Mar 21, 2018
Closed
This was referenced Apr 9, 2018
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@retrohacker retrohacker retrohacker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lrowe @DonutEspresso @retrohacker