set: Type-validates the forbidden "cookie"/"set-cookie" response headers #819

Merged
merged 1 commit into from
Jul 23, 2021

@kettanaito kettanaito commented Jul 19, 2021


Changes

  • Setting forbidden cookie headers with the ctx.set utility now produces a TypeScript violation.
  • Forbidden cookie headers include (case-insensitive):
    • cookie
    • cookie2
    • set-cookie
    • set-cookie2

We are not including all forbidden header names for now, starting with the cookie ones.

Motivation

We should fail fast in preventing the developer from setting forbidden response cookies. Setting such cookies will raise a runtime exception anyway.

Experience

set({ cookie: 'secret' })

// Argument of type '[{ cookie: string; }]' is not assignable to parameter of type
// '"SafeResponseHeader: the 'cookie' header cannot be set on the response. Please use the 'ctx.cookie()' function instead."'.ts(2345)

Utilizes this technique to have custom type violation messages until microsoft/TypeScript#40468 is merged.
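
The pattern described in this pull request, as an added example that is not part of the PR and not MSW's source: a template-literal type acts as the compiler error message, and `Lowercase` makes the forbidden-name check case-insensitive. All names (`setHeaders`, `SafeHeaders`, `isForbiddenCookieHeader`) are hypothetical, and the runtime guard is an assumption added to cover keys typed only as `string`, which the type check cannot see.

```typescript
// Added illustration; all names here are hypothetical, not MSW's API.
const FORBIDDEN = ['cookie', 'cookie2', 'set-cookie', 'set-cookie2'] as const
type ForbiddenCookieHeader = (typeof FORBIDDEN)[number]

// A string literal type doubles as the compiler's error message.
type HeaderError<Name extends string> =
  `SafeResponseHeader: the '${Name}' header cannot be set on the response.`

// Lowercase<K> makes the literal-key check case-insensitive.
type SafeHeaders<T> = {
  [K in keyof T]: K extends string
    ? Lowercase<K> extends ForbiddenCookieHeader ? HeaderError<K> : string
    : string
}

// Runtime twin of the type check, for keys the compiler only sees as `string`.
function isForbiddenCookieHeader(name: string): boolean {
  return (FORBIDDEN as readonly string[]).indexOf(name.toLowerCase()) !== -1
}

function setHeaders<T extends Record<string, string>>(
  headers: T & SafeHeaders<T>,
): Record<string, string> {
  const plain: Record<string, string> = headers
  for (const name of Object.keys(plain)) {
    if (isForbiddenCookieHeader(name)) {
      throw new TypeError(`forbidden response header: ${name}`)
    }
  }
  return { ...plain }
}

// Literal key: rejected at compile time, whatever its casing.
function literalKeyDemo(): string {
  try {
    // @ts-expect-error 'sid=1' is not assignable to the HeaderError message type
    setHeaders({ 'Set-Cookie': 'sid=1' })
    return 'accepted'
  } catch (e) {
    return (e as Error).message
  }
}

// Dynamic key: type-checks, so only the runtime guard catches it.
function dynamicKeyDemo(name: string): string {
  try {
    setHeaders({ [name]: 'sid=1' })
    return 'accepted'
  } catch (e) {
    return (e as Error).message
  }
}
```
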

@codesandbox-ci

codesandbox-ci bot commented Jul 19, 2021

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 5ce843f:

Sandbox Source
MSW React Configuration

@kettanaito
Member Author

The smoke tests are failing due to the old TypeScript version being used in the usage examples.
