Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deleteCookie doesn't allow deleting cookies with the SameSite, Secure or unparsed attributes set #5049

Closed
KlaasSkelteAtEnatom opened this issue Jun 14, 2024 · 0 comments · Fixed by #5354
Closed

deleteCookie doesn't allow deleting cookies with the SameSite, Secure or unparsed attributes set #5049

KlaasSkelteAtEnatom opened this issue Jun 14, 2024 · 0 comments · Fixed by #5354
Labels
bug Something isn't working PR welcome A pull request for this issue would be welcome

Comments

@KlaasSkelteAtEnatom
Copy link
Contributor

Describe the bug
When setting a cookie with the attributes "Secure", "SameSite", or any other attribute that would scope the cookie to a narrower scope, deleteCookie will generate a cookie that doesn't delete that cookie.

Steps to Reproduce

  1. Set a cookie with the attributes "SameSite" (set to "Strict"), "Partitioned" and "Secure". (I don't remember the specific attribute that has this effect; Partitioned is what I'm concerned about and it doesn't matter for this bug report)
  2. Attempt to delete the cookie using deleteCookie, noticing that you can only specify the attributes path and domain.
  3. Observe that the cookie sent by Deno is missing the attributes "SameSite", "Secure" and "Partitioned".
  4. Observe that the browser refuses to delete the cookie.

Expected behavior

Deno allows deleting cookies with "SameSite", "Secure", etc. specified.

Environment

This isn't environment specific (although some browsers might be more forgiving when validating cookies).

  • OS: Debian 12
  • deno version: 1.44.2
  • std version: 0.216.0
@KlaasSkelteAtEnatom KlaasSkelteAtEnatom added bug Something isn't working needs triage labels Jun 14, 2024
@iuioiua iuioiua added PR welcome A pull request for this issue would be welcome and removed needs triage labels Jun 17, 2024
@kt3k kt3k mentioned this issue Jul 8, 2024
Merged
@kt3k kt3k closed this as completed in #5354 Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working PR welcome A pull request for this issue would be welcome
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(http): allow deleting cookie with secure, httpOnly and partitioned attributes kt3k/deno_std
2 participants
@iuioiua @KlaasSkelteAtEnatom