-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AstroCookies.delete does not support __Host- and __Secure- prefixed cookies #10480
Comments
Thanks for opening this issue. This seems like an important limitation of the Cookies API, the delete method has only two options. I think it makes sense to allow |
Hey @lilnasy, Adding those flags would work in this case. However, this seems to be highly browser-dependent. For example, Chrome will also take My suggestion is to exclude value, maxAge, and expires cookie attributes when it comes to delete cookie API. It’s been a good practice for me to make sure the cookie attributes always match to ensure compatibility across browsers and different implementations. However, if you insist on keeping the API surface limited, then yes, |
@fshafiee Thanks, shifting from |
Of course @lilnasy. I'll open a PR in next few days. |
I assigned the issue to you @fshafiee Let us know if you need any help or you have questions |
Astro Info
If this issue only occurs in one browser, which browser is a problem?
No response
Describe the Bug
The
AstroCookies.delete
API does not work for cookies with__Host-
and__Secure-
prefixes.From MDN web docs:
The key takeaway is the
Secure
attribute requirement, which based on the main branch of the repo, is not recognized by theAstroCookies.delete
method:astro/packages/astro/src/core/cookies/cookies.ts
Line 20 in 0ddc327
As an example, this is how the Chrome treats Set-Cookie headers that violate these requirements:
What's the expected result?
The
AstroCookies.delete
method should recognize all standard cookie attributes, except for themaxAge
andexpires
, since these are the only attributes that set a valid cookie apart from its expired version.My current workaround is to use the
AstroCookies.set
method as follows:Link to Minimal Reproducible Example
https://stackblitz.com/edit/github-avarao?file=README.md
Participation
The text was updated successfully, but these errors were encountered: