Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds ability to add more than one cookie per response #1161

Merged
merged 5 commits into from
May 4, 2022
Merged

Adds ability to add more than one cookie per response #1161

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9a99d49
Adds ability to set more than one set-cookie header on the response
merwan7 May 2, 2022
080dc93
some adjustments to avoid clobbering other headers
merwan7 May 2, 2022
2e2eb22
Fix cookie headers for worker environments
blittle May 3, 2022
6442958
Add note
blittle May 3, 2022
08a8a5b
Remove unnecessary return
blittle May 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/fuzzy-jeans-tickle.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@shopify/hydrogen': patch
---

Adds ability to add multiple cookies in one response
42 changes: 40 additions & 2 deletions packages/hydrogen/src/entry-server.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -475,14 +475,20 @@ async function stream(
}

if (await isStreamingSupported()) {
return new Response(transform.readable, responseOptions);
return new Response(transform.readable, {
...responseOptions,
headers: getHeaders(responseOptions.headers),
});
}

const bufferedBody = await bufferReadableStream(
transform.readable.getReader()
);

return new Response(bufferedBody, responseOptions);
return new Response(bufferedBody, {
...responseOptions,
headers: getHeaders(responseOptions.headers),
});
} else if (response) {
const {pipe} = ssrRenderToPipeableStream(AppSSR, {
nonce,
Expand Down Expand Up @@ -818,9 +824,22 @@ function getResponseOptions(
error?: Error
) {
const responseInit = {} as ResponseOptions;

// @ts-ignore
responseInit.headers = Object.fromEntries(headers.entries());

// @ts-ignore
const rawHeaders = headers.raw();
// Warning! Headers.raw is non-standard and might disappear in undici or newer versions of node-fetch
// See: https://github.com/whatwg/fetch/issues/973
const setCookieKey = Object.keys(rawHeaders).find(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem here is that headers.entries() concatenates multiple set-cookie headers into a single string separated by a comma. The thing is that cookie values can have commas, so the browser mis-interprets the multiple cookies. headers.raw() is an non-standard API that returns an array for the value. { 'set-cookie': ['someval=5', 'someotherval=1']}. Subsequently we can use that array on line 947 to append multiple Set-Cookie headers.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to limit this to set-cookie? Do we need to support setting multiple values for all headers?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was discussed in whatwg/fetch#973, and it doesn't seem to be a problem with other headers. The downside for doing it with all headers is that it just adds more bytes over the wire.

Copy link
Contributor

@blittle blittle May 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifically non Set-Cookie headers:

values may be comma-concatenated anyway by any intermediate proxy

(key) => key.toLowerCase() === 'set-cookie'
);

if (setCookieKey) {
responseInit.headers['set-cookie'] = rawHeaders[setCookieKey];
}

if (error) {
responseInit.status = 500;
} else {
Expand Down Expand Up @@ -911,3 +930,22 @@ function postRequestTasks(
logQueryTimings(type, request);
request.savePreloadQueries();
}

function getHeaders(rawHeaders: Record<string, String | Array<String>> = {}) {
const headers = new Headers();

for (const [key, values] of Object.entries(rawHeaders)) {
// values doesn't have an array prototype, so instanceof doesn't work.
// Check for .splice instead
// @ts-ignore
if (values?.splice) {
for (const value of values) {
headers.append(key, value as string);
}
} else {
headers.append(key, values as string);
}
}

return headers;
}
8 changes: 4 additions & 4 deletions packages/playground/server-components/tests/e2e-test-cases.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,11 +184,11 @@ export default async function testCases({
expect(response.status).toEqual(201);
// statusText cannot be modified in workers
expect(response.statusText).toEqual(isWorker ? 'Created' : 'hey');

expect(response.headers.get('Accept-Encoding')).toBe('deflate, gzip');
expect(response.headers.get('Set-Cookie')).toBe(
'hello=world, hello2=world2'
);
expect(response.headers.raw()['set-cookie']).toEqual([
'hello=world',
'hello2=world2',
]);
});

it('uses the provided custom body', async () => {
Expand Down