-
Notifications
You must be signed in to change notification settings - Fork 753
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly copy headers to preserve duplicate set-cookie headers. #872
Properly copy headers to preserve duplicate set-cookie headers. #872
Conversation
Browser have a lot of bugs in relation to parsing concatenated set-cookie headers. This fixes that.
|
A wrangler prerelease is available for testing. You can install this latest build in your project with: npm install --save-dev https://prerelease-registry.developers.workers.dev/runs/2256106421/npm-package-wrangler-872 You can reference the automatically updated head of this PR with: npm install --save-dev https://prerelease-registry.developers.workers.dev/prs/872/npm-package-wrangler-872 Or you can use npx https://prerelease-registry.developers.workers.dev/runs/2256106421/npm-package-wrangler-872 dev path/to/script.js |
@@ -123,7 +161,7 @@ export default { | |||
// https://fetch.spec.whatwg.org/#null-body-status | |||
return new Response( | |||
[101, 204, 205, 304].includes(response.status) ? null : response.body, | |||
{ ...response, headers: new Headers([...response.headers.entries()]) } | |||
{ ...response, headers: copyHeaders(response.headers as Headers) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually think we can simplify this. I must have been tired when I first wrote this, because apparently just doing new Headers(response.headers)
is enough to correctly make a mutable copy of headers.
As explained to me by the ever-helpful champs: https://discord.com/channels/595317990191398933/910978223968518144/970105175924690994
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
{ ...response, headers: copyHeaders(response.headers as Headers) } | |
{ ...response, headers: new Headers(response.headers) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Browser have a lot of bugs in relation to parsing concatenated set-cookie headers. This fixes that.
It used the new
getAll()
method which can be used with theset-cookie
header to get an array back. And when using.set
and.append
, the Worker runtime will emit multiple headers.This fixes the bug with multiple
set-cookie
headers that was introduced by #796.Unfortunately I could not add a test case to the end-to-end tests, because the udici library has no support for
getAll()
, so I can't determine if theset-cookie
headers were concatenated or not.