-
-
Notifications
You must be signed in to change notification settings - Fork 925
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Special-case Response.append_header to handle Set-Cookie #1265
Comments
I should have a PR up for this next week. |
kgriffs
added a commit
to kgriffs/falcon
that referenced
this issue
Jan 18, 2019
Previously, setting raw cookies was not supported without having to subclass Response and override several methods. This patch adds official support for this functionality, while also explicitly disallowing the use of Set-Cookie with certain generic header manipulation methods that have semantics that are incompatible with Set-Cookie. BREAKING CHANGE: Previously, several methods in the Response class could be used to attempt to set raw cookie headers. However, due to the Set-Cookie header values not being combinable as a comma-delimited list, this resulted in an unexpected and/or incorrect response being constructed for the user agent in the case that more than one cookie was being set. Fixes falconry#1265
kgriffs
added a commit
to kgriffs/falcon
that referenced
this issue
Jan 29, 2019
Previously, setting raw cookies was not supported without having to subclass Response and override several methods. This patch adds official support for this functionality, while also explicitly disallowing the use of Set-Cookie with certain generic header manipulation methods that have semantics that are incompatible with Set-Cookie. BREAKING CHANGE: Previously, several methods in the Response class could be used to attempt to set raw cookie headers. However, due to the Set-Cookie header values not being combinable as a comma-delimited list, this resulted in an unexpected and/or incorrect response being constructed for the user agent in the case that more than one cookie was being set. Fixes falconry#1265
kgriffs
added a commit
to kgriffs/falcon
that referenced
this issue
Feb 9, 2019
Previously, setting raw cookies was not supported without having to subclass Response and override several methods. This patch adds official support for this functionality, while also explicitly disallowing the use of Set-Cookie with certain generic header manipulation methods that have semantics that are incompatible with Set-Cookie. BREAKING CHANGE: Previously, several methods in the Response class could be used to attempt to set raw cookie headers. However, due to the Set-Cookie header values not being combinable as a comma-delimited list, this resulted in an unexpected and/or incorrect response being constructed for the user agent in the case that more than one cookie was being set. Fixes falconry#1265
kgriffs
added a commit
to kgriffs/falcon
that referenced
this issue
Feb 13, 2019
Previously, setting raw cookies was not supported without having to subclass Response and override several methods. This patch adds official support for this functionality, while also explicitly disallowing the use of Set-Cookie with certain generic header manipulation methods that have semantics that are incompatible with Set-Cookie. BREAKING CHANGE: Previously, several methods in the Response class could be used to attempt to set raw cookie headers. However, due to the Set-Cookie header values not being combinable as a comma-delimited list, this resulted in an unexpected and/or incorrect response being constructed for the user agent in the case that more than one cookie was being set. Fixes falconry#1265
vytas7
pushed a commit
that referenced
this issue
Feb 14, 2019
Previously, setting raw cookies was not supported without having to subclass Response and override several methods. This patch adds official support for this functionality, while also explicitly disallowing the use of Set-Cookie with certain generic header manipulation methods that have semantics that are incompatible with Set-Cookie. BREAKING CHANGE: Previously, several methods in the Response class could be used to attempt to set raw cookie headers. However, due to the Set-Cookie header values not being combinable as a comma-delimited list, this resulted in an unexpected and/or incorrect response being constructed for the user agent in the case that more than one cookie was being set. Fixes #1265
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When setting cookies directly (e.g., when proxying an upstream response with cookie headers), we must special-case Set-Cookie since the usual method of joining multiple header values with a comma is incorrect in that case.
I've got a prototype fix for this already, so I'll go ahead and work on a PR.
The text was updated successfully, but these errors were encountered: