Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow multiple unmerged set-cookie headers. #1570

Merged
merged 2 commits into from Feb 9, 2018
+23 −9
Merged

fix: Allow multiple unmerged set-cookie headers. #1570

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
393fc3c
fix: Allow multiple unmerged set-cookie headers.
lrowe Nov 21, 2017
624da33
Merge branch 'master' into allow-multiple-set-cookie
Feb 8, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 3 additions & 5 deletions lib/response.js
View file
Open in desktop
Expand Up @@ -21,12 +21,10 @@ var InternalServerError = errors.InternalServerError;
/**
* @private
* Headers that cannot be multi-values.
* @see #779, don't use comma separated values for set-cookie
* @see #986, don't use comma separated values for content-type
* @see http://tools.ietf.org/html/rfc6265#section-3
* @see #779, multiple set-cookie values are allowed only as multiple headers.
* @see #986, multiple content-type values / headers disallowed.
*/
var HEADER_ARRAY_BLACKLIST = {
'set-cookie': true,
'content-type': true
};

Expand Down Expand Up @@ -189,7 +187,7 @@ function patch(Response) {
* // => { 'x-foo': ['a', 'b'] }
* @example
* <caption>
* Note that certain headers like `set-cookie` and `content-type`
* Note that certain headers like `content-type`
* do not support multiple values, so calling `header()`
* twice for those headers will
* overwrite the existing value.
Expand Down
13 changes: 13 additions & 0 deletions test/response.test.js
View file
Open in desktop
Expand Up @@ -623,3 +623,16 @@ test('GH-1429: setting code with res.status not respected', function(t) {
t.end();
});
});

test('should support multiple set-cookie headers', function(t) {
SERVER.get('/set-cookie', function(req, res, next) {
res.header('Set-Cookie', 'a=1');
res.header('Set-Cookie', 'b=2');
res.send(null);
});

CLIENT.get(join(LOCALHOST, '/set-cookie'), function(err, _, res) {
t.equal(res.headers['set-cookie'].length, 2);
t.end();
});
});
11 changes: 7 additions & 4 deletions test/server.test.js
View file
Open in desktop
Expand Up @@ -2088,11 +2088,14 @@ test('gh-779 set-cookie fields should never have commas', function(t) {
CLIENT.get('/set-cookie', function(err, _, res) {
t.ifError(err);
t.equal(
res.headers['set-cookie'].length,
1,
'set-cookie header should only have 1 element'
res.rawHeaders.filter(function(keyOrValue) {
return keyOrValue === 'set-cookie';
}).length,
2,
'multiple set-cookie headers should not be merged'
);
t.equal(res.headers['set-cookie'], 'bar');
t.equal(res.headers['set-cookie'][0], 'foo');
t.equal(res.headers['set-cookie'][1], 'bar');
t.end();
});
});
Expand Down