Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cookie.parse() parsing #118

Closed
bnoordhuis opened this issue Dec 17, 2020 · 3 comments
Closed

cookie.parse() parsing #118

bnoordhuis opened this issue Dec 17, 2020 · 3 comments

Comments

@bnoordhuis
Copy link

bnoordhuis commented Dec 17, 2020
edited by dougwilson
Loading

removes security report
@dougwilson
Copy link
Contributor

Please report security issues privately so we have a chance to properly evaluate them and come up with a fix to release.

@dougwilson dougwilson changed the title cookie.parse() domain= parsing not RFC-compliant cookie.parse() parsing Dec 17, 2020
@dougwilson
Copy link
Contributor

I would add that cookie.parse, as outlined in our README (https://github.com/jshttp/cookie#cookieparsestr-options) is only for the Cookie header, but you referenced the Set-Cookie header parsing spec:

Parse an HTTP Cookie header string and returning an object of all cookie name-value pairs. The str argument is the string representing a Cookie header value and options is an optional object containing additional parsing options.

@bnoordhuis
Copy link
Author

Please report security issues privately so we have a chance to properly evaluate them and come up with a fix to release.

Consider adding the relevant info to the README because there's currently no way to divine that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougwilson @bnoordhuis