Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CookieStore should preserve the Set-Cookie header Array [#4743 state:…
…resolved] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
- Loading branch information
Showing
2 changed files
with
18 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Header values should never be an Array. We should revert this.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, we should go the other direction and always force it to be a string. I'll write a patch.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rather than just patch it up everywhere we should probably refactor the session code so that it goes through the CookieJar rather than writing out the session cookie directly itself. That way we're delegating the cookie handling to Rack, where it should be.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed this upgrading an app to 2.3.9 and Rack::Lint went nuts. Most rack servers will still handle legacy Array headers fine so this isn't super critical.
@pixeltrix I extracted some helpers to Rack::Utils awhile back for this reason.
This seems super broken too. We're converting Set-Cookie to an Array on the way out. (I'm sure git blame says I wrote the code too)
Array headers are fine internally as long as we cast them to strings on the way out so other middleware doesn't have to deal with them.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@josh I saw those and now that 2-3-stable is requiring Rack 1.1 we can use them. I think there's at least three places where cookies are being built so it's ripe for refactoring. This commit needs reverting as well.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pixeltrix that commit followed the convention that I set up with this commit. I'll have a look at using set_cookie_header! where possible instead.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jstorimer the session stores probably shouldn't be calling set_cookie_header! directly - we should let ActionController::CookieJar do the heavy lifting.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pixeltrix, the cookie store in Rails master already delegates to the cookie jar. All other stores are coming from Rack (where we can't have any delegation).
The response is also broken in Rails 3. I remember there is a logic to convert the Set-Cookie from an Array to a String and this definitely needs to be fixed as well.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a ticket in Lighthouse where I can track this issue? Thanks.
85b6d79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@boone Looks like this was already taken care of in e0eb8e9