Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headers with the same name get joined by comma that leads to confusion #465

Closed
kompot opened this issue Oct 3, 2016 · 3 comments · Fixed by #874
Closed

Headers with the same name get joined by comma that leads to confusion #465

kompot opened this issue Oct 3, 2016 · 3 comments · Fixed by #874

Comments

@kompot
Copy link

kompot commented Oct 3, 2016

Given the following HTTP response

Set-Cookie: cookie_key_1=yyy; Path=/
Set-Cookie: cookie_key_2=xxx; expires=Mon, 17-Oct-2016 17:16:25 GMT; httponly; Max-Age=1209600; Path=/

Headers object is the following:

headers: {
  ...
  'set-cookie': 'cookie_key_1=yyy; Path=/, cookie_key_2=xxx; expires=Mon, 17-Oct-2016 17:16:25 GMT; httponly; Max-Age=1209600; Path=/'
  ...
}

Seems like broken behaviour to me as it's not possible to split cookies into separate objects.
One of the solutions might be returning array in this case.
@kompot kompot changed the title Headers with the same name get joined by comma that leads to inconsistent behaviour Headers with the same name get joined by comma that leads to confusion Oct 3, 2016
@rubennorte
Copy link
Member

rubennorte commented Oct 4, 2016
edited
Loading

It isn't a broken behaviour. It's the behaviour defined by the HTTP standard (where any header allowed to have multiple values can be specified either as multiple headers or as a single header with comma-separated values).

We could return an array instead of combining the values, but that would be an important breaking change for the library and wouldn't prevent a server from sending a comma-separated Set-Cookie header (which is perfectly valid).

@rubennorte rubennorte reopened this Oct 4, 2016
@rubennorte
Copy link
Member

I'm sorry but I read the standard for HTTP State Management and it states that Set-Cookie cannot be folded as I explained:

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

This is actually a bug. We'll look into it or will be happy to accept a PR.

Thanks for reporting!

@rubennorte rubennorte added the bug label Oct 4, 2016
kompot added a commit to kompot/axios that referenced this issue Oct 11, 2016
@kompot
Fixing incorrect headers join.
c2a4b20 
Multiple headers were joined by comma which is unacceptable for
`Set-Cookie`. Now multiple headers are returned as array.
Fixes axios#465
@kompot kompot mentioned this issue Oct 11, 2016
Closed
@jcready
Copy link
Contributor

jcready commented Oct 11, 2016

Why not simply copy the Headers interface?

res.headers.get('set-cookie') // Returns "cookie_key_1=yyy; Path=/"
res.headers.getAll('set-cookie') // Returns [ "cookie_key_1=yyy; Path=/", "cookie_key_2=xxx; expires=Mon, 17-Oct-2016 17:16:25 GMT; httponly; Max-Age=1209600; Path=/" ]

You could also maintain the existing API, but also provide the getAll method.

res.headers['set-cookie'] // Returns "cookie_key_1=yyy; Path=/"
res.headers.getAll('set-cookie') // Returns [ "cookie_key_1=yyy; Path=/", "cookie_key_2=xxx; expires=Mon, 17-Oct-2016 17:16:25 GMT; httponly; Max-Age=1209600; Path=/" ]

@Jessidhia Jessidhia mentioned this issue Nov 28, 2016
Closed
@rubennorte rubennorte mentioned this issue Jan 6, 2017
Closed
@tybro0103 tybro0103 mentioned this issue Apr 29, 2017
Merged
@axios axios locked and limited conversation to collaborators May 22, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Duplicate header handling tybro0103/axios
3 participants
@rubennorte @kompot @jcready