Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] don't de/encode initial and explicit string headers #8113

Merged
merged 1 commit into from Dec 13, 2022
Merged

[fix] don't de/encode initial and explicit string headers #8113

merged 1 commit into from Dec 13, 2022

Conversation

dummdidumm
Copy link
Member

fixes #7929

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. All changesets should be patch until SvelteKit 1.0

@changeset-bot
Copy link

changeset-bot bot commented Dec 12, 2022

🦋 Changeset detected

Latest commit: 89635ad

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

benmccann
benmccann reviewed Dec 13, 2022
View reviewed changes
packages/kit/src/runtime/server/cookie.js

const normalized_url = normalize_path(url.pathname, trailing_slash);
// Emulate browser-behavior: if the cookie is set at '/foo/bar', its path is '/foo'
const default_path = normalized_url.split('/').slice(0, -1).join('/') || '/';

if (dev) {
// TODO this could theoretically be wrong if the cookie was set unencoded?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure it makes sense to add a todo because I don't know how we'd ever fix it. Maybe change the comment like yhis

Suggested change
// TODO this could theoretically be wrong if the cookie was set unencoded?
// This could be wrong if the cookie was set unencoded
// but since it's just for printing a debug message we can live with that

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have some nebulous thoughts how this could be done, for example through never decoding it and then updating that object with an unencoded version of the new cookies, but want to look into that later - so I'd like to keep the TODO for now (but you may very well be right!).

@Rich-Harris Rich-Harris merged commit 4cf62e0 into master Dec 13, 2022
@Rich-Harris Rich-Harris deleted the cookie-encoding-fix branch December 13, 2022 15:26
This was referenced Dec 13, 2022
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benmccann benmccann benmccann approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Don't enforce url-encoding of cookies
3 participants
@dummdidumm @benmccann @Rich-Harris