-
-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix cookies' secure detect #614
Conversation
seems like there should be a less wtf way to do this |
both sound wtf to me. :( |
or maybe we just set |
So, I wound recommend keeping the first argument as the raw Node.js object, since that is what is documented to work with the module (and it could start using a new property at any time, breaking Koa integration). The root issue has been brought up various times and it is quite an annoying issue :) I can see any of the following a better fix than the proposal in this PR:
|
@dougwilson 1&2 both need user set some options when using 3 sound more reasonable, but compare to specify a function, why not just specify |
That is option 2. The consumer of the module is Koa, because "the module" = cookies. |
As in, Koa could easily do the following:
|
people use |
So @jonathanong was pushing me to take a serious look into this situation. Let me know what you think of the following proposal that would get this fixed as well as let the
If the static |
Also, I know some of this has been discussed above, but really this is a summary of various proposals from above put down as something to get done now :) |
yes taht should be fine. i was thinking about how this would interact with |
My assumption would be that new Cookies(req, res, keys, {
isSecure: proxyAddr.isSecure(req, rules)
}) Or something. |
yeah i like cookies being dumb. after all, |
@dead-horse after pillarjs/cookies#68 we should be good to go :) |
Ok, with the current changes proposed in pillarjs/cookies#68 this pull request would be context.cookies = new Cookies(req, res, { keys: this.keys, secure: request.secure }); |
abf666c
to
b5c1a60
Compare
upgrade to |
@@ -8,6 +8,8 @@ exports = module.exports = function(req, res){ | |||
var socket = new Stream.Duplex(); | |||
req = req || { headers: {}, socket: socket, __proto__: Stream.Readable.prototype }; | |||
res = res || { _headers: {}, socket: socket, __proto__: Stream.Writable.prototype }; | |||
req.socket = req.socket || socket; | |||
res.socket = res.socket || socket; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What exactly does this do? res.socket
is already defined as socket
2 lines up, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some test case will init context with specific req
without socket
like https://github.com/koajs/koa/blob/master/test/request/path.js#L26
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh oops, I missed that. Thanks for the help.
Looks good to me. |
👍 |
Wow! Wait for a long time. |
koa don't change the original request object, need to pass koa's request object to cookies.
(but you can't replace res with response, so this is kind of weird. :(