Max cookie size assert

addon/services/cookies.js

@@ -9,6 +9,7 @@ import { merge, assign as emberAssign } from '@ember/polyfills';
 const { keys } = Object;
 const assign = Object.assign || emberAssign || merge;
 const DEFAULTS = { raw: false };
+const MAX_COOKIE_BYTE_LENGTH = 4096;
 
 export default Service.extend({
   _isFastBoot: reads('_fastBoot.isFastBoot'),
@@ -76,8 +77,11 @@ export default Service.extend({
     assert('Cookies cannot be set to be HTTP-only as those cookies would not be accessible by the Ember.js application itself when running in the browser!', !options.httpOnly);
     assert("Cookies cannot be set as signed as signed cookies would not be modifyable in the browser as it has no knowledge of the express server's signing key!", !options.signed);
     assert('Cookies cannot be set with both maxAge and an explicit expiration time!', isEmpty(options.expires) || isEmpty(options.maxAge));
+
     value = this._encodeValue(value, options.raw);
 
+    assert(`Cookies larger than ${MAX_COOKIE_BYTE_LENGTH} bytes are not supported by most browsers!`, this._isCookieSizeAcceptable(value));
+
     if (this.get('_isFastBoot')) {
       this._writeFastBootCookie(name, value, options);
     } else {
@@ -212,5 +216,23 @@ export default Service.extend({
     }
 
     return cookie;
+  },
+
+  _isCookieSizeAcceptable(value) {
+    // Counting bytes varies Pre-ES6 and in ES6
+    // This snippet counts the bytes in the value
+    // about to be stored as the cookie:
+    // See https://stackoverflow.com/a/25994411/6657064
+    let _byteCount = 0;
+    let i = 0;
+    let c;
+    while ((c = value.charCodeAt(i++))) {
+      /* eslint-disable no-bitwise */
+      _byteCount += c >> 11 ? 3 : c >> 7 ? 2 : 1;
+      /* eslint-enable no-bitwise */
+    }
+
+    return _byteCount < MAX_COOKIE_BYTE_LENGTH;
   }
+
 });

tests/unit/services/cookies-test.js

@@ -306,6 +306,14 @@ describe('CookiesService', function() {
 
         this.subject().write(COOKIE_NAME, 'test', { path: '/sample-path', maxAge: 1000 });
       });
+
+      it('throws when a larger than allowed cookie is set', function() {
+        expect(() => {
+          let largeValue = '4ic1l5ar5cuo0tzmrmup46za4u3mvbvwpq108fvoa9yi97iy2oovq3tx02b6pdvfd7i38yzaza75jy3alv7qex5s90a56finh1hu53pivk0ei1v8bf2yhc56d3w1ct5b6z8yoo34z785lp0rh28y71jhed1uixuc0lxz7jvwsk3bhx2vfkkbi7n7qhrq0gj5orj0iruc7kirbzdro26wawq9x29xm4shs0smygr072sokz835o6cdqbzx4otgib3qdig4ih0rcx0fy8jabmfhnev5g6c4830311viozls2h2jt1182lkd9xis8o4c0dgypx4rt6wmca1rfwi3fnmugdeq7ft7bblkpawu1785i9phlccp55pu65f75r5ncnusm6im3lma5o2rxsr816oqzvy25wejgr2s1iriogbhf1k5xzj3kukwgxvf74xxz9dsnurlkv4albdormyjr6mucbntzxr067qhae9afvfich85x8f8pumfugwi5tgzoikhx5c6hb34o4m96esg150etr5ni6eyy7c8y0v5ybju4c7o5qqkn4bdmetkxflebi7kac7t6p3i7k38sxi2msdff5gwudaum6kcrfchqs3jcsby8mdj9qpo5w60cejl7l4b4ijurho4tupko384movxaolzk896ph4wcbw0x7bechojepiczetwankmj6unuedz3rehc895kutsy3tsgv8os7hppmbeu3lcnpb03gf38tkgeg7ystkdkuttyzyium4sf26ky7ggw7jzstcp2yfbhvnsfibirsmga4e69fyz382omf49bqgde2cvyz8ah286fpmfhy0w1akpcq3a7t9ulmf3yec246rez8s45e7sp6f0cqnaixjdugk48yxmdiukf72kq3cgxaswfudd8dnidxmy7dqupk7d74gyrlpunz6munu30l4t5wmsijewpfgmcotg8swvnyu89rrofub1fjgco6ofujgqqilppi561pn4lx0423hfsn9orv4vnh66ba8c7oiisale9abej55wnd9h8putotwu2qyo7rlmhj0ljrm5qqqiw9wlfupne56yxcgipw6lvoq169etef7614uku0t98xnjtbtp1aow2iirkofua66gkx5bdcplr6wle1jdpglr5r3nnr6hjx2tc5np3nnoordddd4knfvy7iizx7kkh4yvzhj6unngy9lscyznn0tfnvm3yrxr55f1rlqars6dvg0swtjsijtme87ihr14v2m74w5b8v9yi6bkgtjh0s3qc867dartrk47wiuy34ag4q5cbc3pvdstwqzhwga6cz7hdav7jwlo3bxcw2xy8y76d2marpucv7zdwluasbj384p7es18ca7jlazclax8w0sqsvq4e5coy6b8pux295ll5grm4y6o95sn8f604u6rhwec35hekkufe8sbyfcge7gv3jvscjuf1hy0jryz35mvbyie1a6trfcx24tr75w6mqz6ke9p2vm0gwhdlxlm6wr99n001v9h9kh6829ahqmkjube048oebffkgxe3h40abponjhhl9m7k71uknotwshpe8mm59549d8iotk8geni8z1ecb5r2nk10622om52ndzw1tuoy658af5ireg819u0jqnespqvwoylxkkw2bcqqregqanwpojjnauehl8swhfur8q0avpmqkhrtj58p7w8g38tr9e3eclmjjgoocs4ezpxie1flgcxqedsewos6xnyd0nahhq1jges3bgj7u4o2yood6xefceiwavufw96tcs163ectl1fyymvds8izi9vev567rdvji7xx8wpb82ovlydb6mlhob0misikzs9zxbyvkfmgslgyn7emj7gu6hjwvatqzraswelnj3hpr79cgit3d9x4q2vjwmw63izyohxstvcq92hthdhfupryl7m5qyny3ni34xvzrikrkq0cfragc7gjrni8172960re4kxr9osyvif4flxbp9me232n8nngqyh70xofwuz80c6o3obmzg71gieaxey5usdqtxsnmrvnw0poqi7bitpkbrny4mbp0s1n7w8n5s2n5ic7ui2cv6nodce3yckfd5xanigopgml0epsbputval3wphitjhgvm79fyffc058nmpexjx5t9x5xtmltey3dwgwrhyh8udm6smu9wqeydo2ri4hpgdffrcc5jkx9ejwepkd26fseza4s7qurgj0gihgovne2zx8l6yq6f90gm06tturm2pp7o58671o74jk2oy9x3o23a89ae3kfk2irobz3rk9f9tqxcqwzftrb8hjrtof9xbkoga0bh6n7o4wyrga9mi2ttiw3iadp7jq3bgeia8p92k01ucbdf8blb54r02wzmutihor4sxjozodcz5oz0pq7hlgdgizf3beb2vppdimzn6q6ftbchr0qd7amdb41zx3fmf512w7yimmd15ctjwwgbqaxukmwvhfca04bmtpwtqcl5ikp07le34e9wkhcehzrb3btjk0o05cdtxp73y9q3h9b56laki1p397yv30xzh7icdqaa6m7ctsupen0vx84z0hat3qtxzogsry4f44sv3p0ctfia1xgefucmpm9uyfdq59sv3p5momwh296azdjnbnksr677cogfsbeafcgpu7ke86p42licbw9y3icwbb4lkxdjl7q1wtd324y4k93dvj70szf03uh4n9mpfwo877ua9emujvfzedh1qwujmad5i6g25ien862zegcc8btilsad5ap33i797fm0842e79k6faqrbe5h2s3vyemlnwhf4d89d3qod7vaobvaxjckbsv8ad8e7jh91exya7pcstt4p55j7zve1bvkflaipei8gypbxcl1kgb1jlayuz2xwxsvpagk6ba84wutfwrm37oe9yqn7necizf917jjsqohh13osb8cnogft181jmc1pib20oss31n4j1ovtkiz7zprbr9komxtu03pqkrzjpsjfbk5gf19zf0v774hiyu9z2byeqkih7f4xk9v3r5w0dos32k5jh4riin2wp1933yjk8pajinaoj2g02eguoroosbq8kw7mvqj1ec348qvt2lqbgq1jb0djq7bokxrjuupu0ol4uzrru4ygov4zngp2ysju3w4we471qkd73fhlezb534brxl5lxfk2epcutn7h50b8qrjinj1job8sufex2fusyklnicouavv6jeec6fxtzczjyzov4pcdjvetkz1jbkksndh81joqtb35h6yh17ej68b80t9d7prms14di28c9hw73umh59fj89njolbxtvi6c1uun6472e65zceewxxu9jovxk84ezbzo3wt6gagwirri1dopruiyex6fickz3jl3pl374mpp0b291ty6m81fwvkc69wt29y9hxljoxmxw4j8mb92dcnsse55qcoepazk6qasmwzkggtobv1ssimvkt3xg3hgtm1muf0u6fi5digak1h0sbk6dqsl3xl7cniz0mbte979d2ble3g6b5mib9p59t6tbqrf6p66wa5bk5bjdethazqwrimjyw9onc1u52y2afirgwncca9tdq8adc7wyuina6bors5kgf39m8rkdvf319fe95faurxaquwjklxxka4ocr6rz0t497mjl8dvxt4uve63funlfpofchpp9dxp8mcdry7mr7swcphy0m9afwdfw9bcdfr5lrq2t6tockwnzcjzprt1ratbr2ricd1ggqo791e1vsiu1w8l3f66st4rkjtyuorav2lq95lwx9tpyrh3pyjtk2hllmrm634lj8mrc2aefgct692e18a1j1j0c2bry7n46u0yvrv9n9mhixndaqpvwdabclzq4hgqc6cz9klpmsinmqczqd4t3god79ahvx7182eckcn6ttn6bllu2ns6mzj8wdzr1yt4qudsvocy82f7uwn1ev6wzed16garkdxpscywj96454xld3vnxakxqigfuvtrdp3njqisl8cgqq3qszn6shwgxluhfnlf2jkocnmopec6s46y39mq5j8jvjep5o3q7urbiuj9u8x47cv3uormdo1z0gq19mfiykigxsx9tlxaxs1k9ja0hggmsch0yx8ibi4czqbr131fmwsjm0zi9ffzkt06mokdnwzcwhwmdwir09gqqxn9o609fu8bdo825mv3wk41urm0fps46y681t7k88kvldto8asakkgobydit3gxhi5egmve3sgt328a3s6svomgm';
+          this.subject().write(COOKIE_NAME, largeValue);
+        }).to.throw();
+      });
+
     });
 
     describe('clearing a cookie', function() {