Strip quotes for cookie values for .get() #140
Conversation
dougwilson
force-pushed
the
strip-quotes-cookie-value-when-get
branch
from
4624506
to
e44ddaf
Compare
|
@dougwilson Thank you so much! |
|
Hi @naruaway apologies, I didn't realize I never made a release 😂 I'll get it out today/tomorrow 👍 |
|
Hi @dougwilson, thanks for the quick response! Strictly speaking this could be "breaking change" but on the other hand we could say this is a bug fix 🤔 My personal feeling is that patch version would be fine (I think no one should rely on the previous behavior considering the behavior of other frameworks like Django...) but it's your call of course 🙏 |
|
Hi @naruaway this is not the only change in the release. It will be included in the 0.9.0 release. |
|
Hi @dougwilson, oh right, it makes sense. Thanks for all your work 🙏 |
|
Hi @dougwilson, are you going to release 0.9.0? Sorry for pinging you but a dev from koa mentioned that they will bump up the version of |
According to RFC 2965, cookie value can be "quoted-string" and in practice, some web framework (e.g. Java Spring) sometimes uses quoted value.
In such cases, web browser will send HTTP headers like
Cookie: my_value_a=x; my_value_b="abc:def:xyz";to the server and it will be more developer friendly to automatically strip quotes so thatcookie.get('my_value_b')returnsabc:def:xyzrather than"abc:def:xyz".Is this this library's responsibility?
I guess so. I checked the behavior of Django and Express and both of them strip quotes under the hood.
Django
_unquotefunctionExpress
What's the impact of this change?
koa is relying on this library. After this fix, koa can get the same behavior as Django and Express, which seems to be more reasonable and common behavior. I created an issue for koa for the discussion in koa side.
Note that this change will be breaking change so we need to bump up the major version of the library.