cookie parsing is poor emulation of lambda #385
Comments
|
I solved this by visiting direct IP address in browser (i.e. 127.0.0.1 instead of localhost) |
|
@scaret this solution is poor because then you run into all sorts of issues when trying to use SSL in development which you can't sign for IP addresses, only for domains. Then you can't use secure cookies for sessions and you're SOL. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By default hapi parses cookies, but the parser can error on strange cookie values (see hapijs/hapi#2513 for the issue, example bad cookie value:
{"eid":12345%2C"email":""%2C"hash":"abcde"%2C"level":"premium"%2C"name":"a%20Premium%20user"%2C"passportid":abcd1234%2C"username":"A%20user"%2C"uuid":"00000000-0000-0000-0000-00000000"%2C"signature":"1234\%2Fabcd\%2abcd="%2C"key":"v1"%2C"refreshed":1522855575})The above cookie causes a
{"statusCode":400,"error":"Bad Request","message":"Invalid cookie value"}response locally using serverless offline, but no such problem in production.Would setting
parse: falsein the HAPI options used by serverless-offline provide better emulation of production lambda?The text was updated successfully, but these errors were encountered: