Unable to set more than one cookie

[rustam-crunch]

Unable to set more than one cookie

Sorting

• I'm submitting a ...

  • bug report
  • [*] feature request
  • [*] support request

• I confirm that I

  • [*] used the search to make sure that a similar issue hasn't already been submitted

Expected Behavior

Multiple Set-Cookie headers with different names should be allowed to set with Controller.setHeader() method

Current Behavior

Controller.setHeader() method now adds new header to the object with signature:
{ [name: string]: string | undefined }
Which makes impossible to add multiple headers of the same type. But it should be possible, at least for Set-Cookies header RFC6265

Possible Solution

Change the signature of headers property in Controller to { [name: string]: string | undefined }[]
Change templates for routes with support for set Multiple headers

[WoH]

Sorry about my lack of knowledge here. Does this only apply to Set-Cookie or are there other headers the server should provide multiple times without folding them?

[rustam-crunch]

I've made some investigations about the subject.
This applies at least Set-Cookie header, but definitely there could be few more, especially taking into account mess in the related standards and definitions

Another thing I discovered: Issue can(and probably should) be solved just by allowing Controller.setHeader() method to accept an array of strings but not only strings.
For Express and Koa middleware templates, this wouldn't need any changes. But looks like Hapi.js middleware template should be changed to accept header value as an array of string but not a single string.

[lassemon]

Bump, I have this exact same issue. I want to use passport jwt with tsoa which requires me to set both the token and the refreshToken from the login endpoint. i.e.:,

this.setHeader('Set-Cookie', `token=${authToken}; HttpOnly`)
this.setHeader('Set-Cookie', `refreshToken=${refreshToken}; HttpOnly`)

Currently this results in only the refreshToken being set, because there can be only one Set-Cookie header.

I tried to checkout the tsoa code and make relevant changes for a PR, but unfortunately I don't undestrand the code of tsoa well enough to make that change.

[tsimbalar]

@lassemon At least with express, you can actually pass an array of strings to setHeader.

We used it in our project.

You should be able to do :

this.setHeader('Set-Cookie', [`token=${authToken}; HttpOnly`, `refreshToken=${refreshToken}; HttpOnly`]);

Typescript will complain, as theoretically the method accepts string | undefined , but you can add a "typescript ignore comment" for now, such as // @ts-expect-error.

So you would end up with

// @ts-expect-error
this.setHeader('Set-Cookie', [`token=${authToken}; HttpOnly`, `refreshToken=${refreshToken}; HttpOnly`]);

[lassemon]

@tsimbalar Yes thank you!!
I was/am indeed using express and the above solution works! This solved my problem for now.