feat(utils/cookie): allow setting cookie SameSite attribute in lowercase too #2668
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @BlankParticle, Thanks for the PR! I could see that it was inconvenient for you. @Jxck What do you think of this PR? Should we allow the lower cases? |
|
I'm agree with @BlankParticle LGTM +1 |
yusukebe
changed the title
|
@Jxck Thanks! @BlankParticle, I think we don't have to add a test for this case. Since it's a petty feature, I'll merge it into the |
nicolewhite
referenced
this pull request
in autoblocksai/cli
May 20, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [hono](https://hono.dev/) ([source](https://togithub.com/honojs/hono)) | [`4.3.6` -> `4.3.8`](https://renovatebot.com/diffs/npm/hono/4.3.6/4.3.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>honojs/hono (hono)</summary> ### [`v4.3.8`](https://togithub.com/honojs/hono/releases/tag/v4.3.8) [Compare Source](https://togithub.com/honojs/hono/compare/v4.3.7...v4.3.8) #### What's Changed - test(validator): compatibility with Node.js `v20.13.1` by [@​yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/2682](https://togithub.com/honojs/hono/pull/2682) - refactor(utils/jwt): remove some `any` by [@​fzn0x](https://togithub.com/fzn0x) in [https://github.com/honojs/hono/pull/2684](https://togithub.com/honojs/hono/pull/2684) - refactor(timing): don't use `Partial` for the options by [@​yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/2712](https://togithub.com/honojs/hono/pull/2712) - refactor(secure-headers): don't use `Partial` for the options by [@​yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/2713](https://togithub.com/honojs/hono/pull/2713) - fix(context): Retain all cookies when passing `ResponseInit` to `c.body` by [@​codeflows](https://togithub.com/codeflows) in [https://github.com/honojs/hono/pull/2690](https://togithub.com/honojs/hono/pull/2690) - fix(hono-jsx): make ref unrequried for forward ref by [@​dygy](https://togithub.com/dygy) in [https://github.com/honojs/hono/pull/2715](https://togithub.com/honojs/hono/pull/2715) #### New Contributors - [@​fzn0x](https://togithub.com/fzn0x) made their first contribution in [https://github.com/honojs/hono/pull/2684](https://togithub.com/honojs/hono/pull/2684) - [@​codeflows](https://togithub.com/codeflows) made their first contribution in [https://github.com/honojs/hono/pull/2690](https://togithub.com/honojs/hono/pull/2690) - [@​dygy](https://togithub.com/dygy) made their first contribution in [https://github.com/honojs/hono/pull/2715](https://togithub.com/honojs/hono/pull/2715) **Full Changelog**: honojs/hono@v4.3.7...v4.3.8 ### [`v4.3.7`](https://togithub.com/honojs/hono/releases/tag/v4.3.7) [Compare Source](https://togithub.com/honojs/hono/compare/v4.3.6...v4.3.7) #### What's Changed - doc(ssg): Define the default value for Content-Type by [@​watany-dev](https://togithub.com/watany-dev) in [https://github.com/honojs/hono/pull/2666](https://togithub.com/honojs/hono/pull/2666) - feat(aws-lambda): add alb event processor by [@​yiss](https://togithub.com/yiss) in [https://github.com/honojs/hono/pull/2657](https://togithub.com/honojs/hono/pull/2657) - feat(utils/cookie): allow setting cookie SameSite attribute in lowercase too by [@​BlankParticle](https://togithub.com/BlankParticle) in [https://github.com/honojs/hono/pull/2668](https://togithub.com/honojs/hono/pull/2668) - fix(method-override): remove un-needed import of URLSearchParams in method override middleware by [@​f5io](https://togithub.com/f5io) in [https://github.com/honojs/hono/pull/2679](https://togithub.com/honojs/hono/pull/2679) #### New Contributors - [@​yiss](https://togithub.com/yiss) made their first contribution in [https://github.com/honojs/hono/pull/2657](https://togithub.com/honojs/hono/pull/2657) - [@​BlankParticle](https://togithub.com/BlankParticle) made their first contribution in [https://github.com/honojs/hono/pull/2668](https://togithub.com/honojs/hono/pull/2668) - [@​f5io](https://togithub.com/f5io) made their first contribution in [https://github.com/honojs/hono/pull/2679](https://togithub.com/honojs/hono/pull/2679) **Full Changelog**: honojs/hono@v4.3.6...v4.3.7 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" in timezone America/Chicago, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/autoblocksai/cli). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjMuNSIsInVwZGF0ZWRJblZlciI6IjM3LjM2My41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for allowing
lax,strict, andnonevalues for theSameSiteattribute in thesetCookiefunction.While the RFC suggests that the
SameSiteattribute shouldStrict,Lax,Noneas values, there is no indication that theSameSiteattribute should be case-sensitive.Libraries like lucia (Undelying
olso) returns cookie objects with lowercaseSameSiteattribute values, which conficts with theSameSiteattribute values in thesetCookiefunction. This needs us to convert theSameSiteattribute values from lucia to the correct case-sensitive values which is a huge pain.Libraires like Next.js (underlying
@edge-runtime/cookie) allow both cases and uses the lowercase value.While I could have asked lucia to change the case of the
SameSiteattribute values, Its less likely to happen as changing the case of theSameSiteattribute values would break existing codebases. So its better to allow both cases for theSameSiteattribute values.I have updated the
setCookiefunction to allowlax,strict, andnonevalues for theSameSiteattribute. While keeping the return value in the original case-sensitive form to stay true to the RFC.The author should do the following, if applicable
bun denoifyto generate files for Denobun run format:fix && bun run lint:fixto format the code