Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cache): allow setting multiple set-cookie headers (bad practice) #1838

Merged
merged 3 commits into from
Oct 18, 2023
Merged

fix(cache): allow setting multiple set-cookie headers (bad practice) #1838

merged 3 commits into from
Oct 18, 2023

Conversation

MiniDigger
Copy link
Contributor

@MiniDigger MiniDigger commented Oct 18, 2023
edited

πŸ”— Linked issue

#1837

❓ Type of change

  • πŸ“– Documentation (updates to the documentation, readme, or JSdoc annotations)
  • 🐞 Bug fix (a non-breaking change that fixes an issue)
  • πŸ‘Œ Enhancement (improving an existing functionality like performance)
  • ✨ New feature (a non-breaking change that adds functionality)
  • 🧹 Chore (updates to the build process or auxiliary tools and libraries)
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

πŸ“š Description

cookie headers can be repeated, adapted from
https://github.com/unjs/h3/blob/b7aca9614e7e8e8921fd54804463ce78fdb034f1/src/utils/response.ts#L341

I tried writing a test case for this but stuff didnt work as expected (doesnt help that my work PC is kinda locked down and on windows...), but I tested via playground and in my original nuxt project

πŸ“ Checklist

  • I have linked an issue or discussion.
  • I have updated the documentation accordingly.

@codecov
Copy link

codecov bot commented Oct 18, 2023
edited

Codecov Report

Merging #1838 (795b720) into main (be6bb7e) will decrease coverage by 0.05%.
The diff coverage is 0.00%.

❗ Current head 795b720 differs from pull request most recent head 0fdc6bc. Consider uploading reports for the commit 0fdc6bc to get more accurate results

@@            Coverage Diff             @@
##             main    #1838      +/-   ##
==========================================
- Coverage   52.35%   52.31%   -0.05%     
==========================================
  Files         170      170              
  Lines       11744    11753       +9     
  Branches      904      904              
==========================================
  Hits         6149     6149              
- Misses       5499     5508       +9     
  Partials       96       96
Files Coverage Ξ”
src/runtime/cache.ts 0.00% <0.00%> (ΓΈ)

@pi0
Copy link
Member

pi0 commented Oct 18, 2023

Thanks for the PR. It is a valid fix but for an invalid usage. Please consider that cached request and responses are shared between users. You should not send personalized headers such as cookies in responses.

I accept this PR but very likely to starts showing an explicit warning when set-cookie response exists in a cached event handler and automatically remove it in next major version of nitro.

@pi0 pi0 changed the title fix(cache): don't override cookie headers from middlewares, fixes #1837 fix(cache): allow setting multiple set-cookie headers (bad practice) Oct 18, 2023
@pi0 pi0 merged commit d391b29 into unjs:main Oct 18, 2023
5 checks passed
@MiniDigger MiniDigger deleted the fix/middleware-cookies branch October 18, 2023 19:08
@MiniDigger
Copy link
Contributor Author

Mmh, in my case the cookie is set based on the path, not the user, so caching it is fine, appreciate the heads-up tho!

@MiniDigger MiniDigger mentioned this pull request Oct 19, 2023
Closed
@pi0 pi0 mentioned this pull request Oct 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pi0 pi0 pi0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MiniDigger @pi0