Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

headers.cookie shouldn't be replaced #125

Closed
papandreou opened this Issue · 5 comments

5 participants

@papandreou
Collaborator

I had some old code that pre-dates request's cookie jar support:

request({
    headers: {
        cookie: "foo=bar"
    },
    // ...
});

However, after I updated request it stopped working because now headers.cookie is always overwritten unless jar: false is specified:

if (self.jar === false) {
  // disable cookies
  var cookies = false;
  self._disableCookies = true;
} else if (self.jar) {
  // fetch cookie from the user defined cookie jar
  var cookies = self.jar.get({ url: self.uri.href })
} else {
  // fetch cookie from the global cookie jar
  var cookies = cookieJar.get({ url: self.uri.href })
}
if (cookies) {
    var cookieString = cookies.map(function (c) {
        return c.name + "=" + c.value;
    }).join("; ");

    self.headers.Cookie = cookieString;
}

The fix was trivial, but I'm reporting it anyway because I think it's a wtf. In my opinion there should be a check for whether self.headers.cookie already exists, and if so, append to it. Or at least it shouldn't do anything if the global cookie jar is empty.

My guess is that the current behavior breaks a bunch of proxying use cases where cookies are involved.

I can whip up a pull request, but it would be nice to hear if everyone else is on board with this?

@sujal

+1

@daleharvey

I just got burned by this as well, was very confusing

@dscape

This was a problem for nano, reported by dale

@papandreou papandreou referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@papandreou papandreou referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@papandreou papandreou referenced this issue from a commit in papandreou/request
@papandreou papandreou Added failing test for #125. a0ab977
@papandreou papandreou referenced this issue from a commit in papandreou/request
@papandreou papandreou Fix cookie jar/headers.cookie collision. Closes #125.
If both a cookie jar and headers.cookie are specified, include both in the request, separated by '; '. Also fixed uppercase header name: self.headers.Cookie => self.headers.cookie.
c80800a
@mikeal
Owner

did this get merged? can we close?

@mikeal
Owner

fixed.

@mikeal mikeal closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.