-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sending multiple Set-Cookie headers get merged #4826
Comments
According to the source code, Headers is an in-build class of the Fetch API. Hard to believe that there is no way to use it in the right way, but it is intended to be used from the client. And as far as I know, Set-Cookie is the only standards-compliant header that can be used multiple times. And clients do not send it. This is how it is done in node.js and expressJS: |
Should be fixed, needs approval |
The more I think about this problem, the uglier it gets. What about custom headers? It must be possible to add them multiple times, too. Also in the set-cookie expiration date might be a comma. The cleanest solution would be to replace or extend the IMHO is the A pretty ugly solution for supporting repeated custom headers could be prefixing them, e.g. with
I don't have to say how "pretty" this solution is. |
@ry @marcosc90 @Caesar2011 I just ran across this when working on oak. It looks like the intention is that we use |
@kitsonk I already tried Using the 2-dimentional table construction is the same as using append. The result is the same as in the initial post at the beginning of the issue. :D |
so it looks like our current implementation with I am going to take another stab at a PR to try to fix this. |
@Caesar2011 understood... it is clear though there is this one and only special exception to the rule... I am pretty sure I can make the change without leaking anything implementation and making it compliant. |
No @marcosc90 I don't think it does... it doesn't yield the iterable values right. |
@kitsonk Care to explain? Because all tests succeeded, cookies work and the implementation does not break previous behaviour. |
ping @ry @bartlomieju need to come to a decision on this |
@kitsonk It's on my queue! I will get to it before tomorrow's release. Sorry! :| |
When sending multiple
Set-Cookie
headers, they are combined to one header separated by commas. While this behavior is desired for other headers, such as Accept, theSet-Cookie
header is not parsed correctly, at least under Firefox 75.I set the header as follows, where cookieHeaders is of type
[string, string][]
.This results in the following response headers in Firefox's network analysis.
When a new request is made to the URL, only the first specified header is actually set. The cookies a and b are ignored. These are the request headers from the 2nd request.
In my opinion, the headers should look like this. Sending a header multiple times is totally legitimate and allowed by the HTTP specifications. This is, in my understanding, the reason why headers accept a
[string, string][]
and not a key-value object, since keys can be used multiple times.https://tools.ietf.org/html/rfc6265#page-7
The text was updated successfully, but these errors were encountered: