Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): decode encoded cookie name while creating universal storage #11984

Merged
merged 1 commit into from
Sep 8, 2023
Merged

fix(core): decode encoded cookie name while creating universal storage #11984

merged 1 commit into from
Sep 8, 2023

Conversation

HuiSF
Copy link
Contributor

@HuiSF HuiSF commented Sep 6, 2023
edited
Loading

Description of changes

Issue #, if available

#11945

Description of how you validated changes

  • Decode the cookie header before using the value to create a cookie store

Context

When Amplify.configure({ ssr: true }), the Cognito auth tokens will be stored in cookie store. This is handled by the package amazon-cognito-identity-js using js-cookie under the hood.

Per RFC 6265 section 4.1.1 and RFC 2616 section 2.2, a cookie name must be a token that doesn't contain any separators.

In the situation described in the linked issue, the cookie name contains '@' as a part of user email address, hence, js-cookie encodes it following above the aforementioned standard. However, the UniversalStorage creates a cookie store instance using the cookie header value directly, without decoding it, this further caused the issue.

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

jimblanc
jimblanc approved these changes Sep 6, 2023
View reviewed changes
Copy link
Contributor

@jimblanc jimblanc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@HuiSF HuiSF marked this pull request as ready for review September 6, 2023 22:02
@HuiSF HuiSF requested review from a team as code owners September 6, 2023 22:02
cwomack
cwomack approved these changes Sep 8, 2023
View reviewed changes
Copy link
Contributor

@cwomack cwomack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@HuiSF HuiSF merged commit 254f83b into main Sep 8, 2023
29 checks passed
@HuiSF HuiSF deleted the hui/fix/core/decode-cookie-header branch September 8, 2023 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimblanc jimblanc jimblanc approved these changes

@cwomack cwomack cwomack approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@HuiSF @jimblanc @cwomack