0
Fork 0
mirror of https://github.com/withastro/astro.git synced 2025-01-06 22:10:10 -05:00

Fixes adding set-cookie headers multiple times (#3026)

* Fixes adding set-cookie headers multiple times

* Adds a changeset
This commit is contained in:
Matthew Phillips 2022-04-07 15:18:08 -04:00 committed by GitHub
parent c3b083f286
commit 4b0f27d9ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 1 deletions

View file

@ -0,0 +1,5 @@
---
'astro': patch
---
Fix for adding set-cookie multiple times

View file

@ -47,7 +47,24 @@ function writeHtmlResponse(res: http.ServerResponse, statusCode: number, html: s
async function writeWebResponse(res: http.ServerResponse, webResponse: Response) {
const { status, headers, body } = webResponse;
res.writeHead(status, Object.fromEntries(headers.entries()));
let _headers = {};
if('raw' in headers) {
// Node fetch allows you to get the raw headers, which includes multiples of the same type.
// This is needed because Set-Cookie *must* be called for each cookie, and can't be
// concatenated together.
type HeadersWithRaw = Headers & {
raw: () => Record<string, string[]>
};
for(const [key, value] of Object.entries((headers as HeadersWithRaw).raw())) {
res.setHeader(key, value);
}
} else {
_headers = Object.fromEntries(headers.entries());
}
res.writeHead(status, _headers);
if (body) {
if (body instanceof Readable) {
body.pipe(res);

View file

@ -0,0 +1,11 @@
export function post() {
const headers = new Headers();
headers.append('Set-Cookie', `foo=foo; HttpOnly`);
headers.append('Set-Cookie', `bar=bar; HttpOnly`);
return new Response('', {
status: 201,
headers,
});
}

View file

@ -56,5 +56,13 @@ describe('API routes in SSR', () => {
const text = await response.text();
expect(text).to.equal(`ok`);
});
it('Can set multiple headers of the same type', async () => {
const response = await fixture.fetch('/login', {
method: 'POST',
});
const setCookie = response.headers.get('set-cookie');
expect(setCookie).to.equal('foo=foo; HttpOnly, bar=bar; HttpOnly');
});
});
});