0
Fork 0
mirror of https://github.com/withastro/astro.git synced 2024-12-30 22:03:56 -05:00

Accept common cookie attributes when deleting a cookie (#10671)

* Accept common cookie attributes when deleting a cookie

* Fix AstroCookieSetOptions IDE annotations

* Use AstroCookieSetOptions to construct AstroCookieDeleteOptions

* Update .changeset/shaggy-cats-film.md

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>

---------

Co-authored-by: Florian Lefebvre <contact@florian-lefebvre.dev>
This commit is contained in:
Farzad 2024-04-10 10:18:54 -04:00 committed by GitHub
parent cdd0c7ca36
commit 9e14a78cb0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 57 additions and 22 deletions

View file

@ -0,0 +1,5 @@
---
"astro": minor
---
Adds the `httpOnly`, `sameSite`, and `secure` options when deleting a cookie

View file

@ -2,22 +2,16 @@ import type { CookieSerializeOptions } from 'cookie';
import { parse, serialize } from 'cookie'; import { parse, serialize } from 'cookie';
import { AstroError, AstroErrorData } from '../errors/index.js'; import { AstroError, AstroErrorData } from '../errors/index.js';
export interface AstroCookieSetOptions { export type AstroCookieSetOptions = Pick<
domain?: string; CookieSerializeOptions,
expires?: Date; 'domain' | 'path' | 'expires' | 'maxAge' | 'httpOnly' | 'sameSite' | 'secure' | 'encode'
httpOnly?: boolean; >;
maxAge?: number;
path?: string;
sameSite?: boolean | 'lax' | 'none' | 'strict';
secure?: boolean;
encode?: (value: string) => string;
}
export interface AstroCookieGetOptions { export interface AstroCookieGetOptions {
decode?: (value: string) => string; decode?: (value: string) => string;
} }
type AstroCookieDeleteOptions = Pick<AstroCookieSetOptions, 'domain' | 'path'>; type AstroCookieDeleteOptions = Omit<AstroCookieSetOptions, 'expires' | 'maxAge' | 'encode'>;
interface AstroCookieInterface { interface AstroCookieInterface {
value: string; value: string;
@ -78,17 +72,22 @@ class AstroCookies implements AstroCookiesInterface {
* @param options Options related to this deletion, such as the path of the cookie. * @param options Options related to this deletion, such as the path of the cookie.
*/ */
delete(key: string, options?: AstroCookieDeleteOptions): void { delete(key: string, options?: AstroCookieDeleteOptions): void {
/**
* The `@ts-expect-error` is necessary because `maxAge` and `expires` properties
* must not appear in the AstroCookieDeleteOptions type.
*/
const {
// @ts-expect-error
maxAge: _ignoredMaxAge,
// @ts-expect-error
expires: _ignoredExpires,
...sanitizedOptions
} = options || {};
const serializeOptions: CookieSerializeOptions = { const serializeOptions: CookieSerializeOptions = {
expires: DELETED_EXPIRATION, expires: DELETED_EXPIRATION,
...sanitizedOptions,
}; };
if (options?.domain) {
serializeOptions.domain = options.domain;
}
if (options?.path) {
serializeOptions.path = options.path;
}
// Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT // Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
this.#ensureOutgoingMap().set(key, [ this.#ensureOutgoingMap().set(key, [
DELETED_VALUE, DELETED_VALUE,

View file

@ -47,26 +47,57 @@ describe('astro/src/core/cookies', () => {
assert.equal(cookies.has('foo'), false); assert.equal(cookies.has('foo'), false);
}); });
it('can provide a path', () => { it('deletes a cookie with attributes', () => {
let req = new Request('http://example.com/'); let req = new Request('http://example.com/');
let cookies = new AstroCookies(req); let cookies = new AstroCookies(req);
cookies.delete('foo', { cookies.delete('foo', {
domain: 'example.com',
path: '/subpath/', path: '/subpath/',
}); priority: 'high',
let headers = Array.from(cookies.headers()); secure: true,
assert.equal(headers.length, 1); httpOnly: true,
assert.equal(/Path=\/subpath\//.test(headers[0]), true); sameSite: 'strict',
}); });
it('can provide a domain', () => {
let req = new Request('http://example.com/');
let cookies = new AstroCookies(req);
cookies.delete('foo', {
domain: '.example.com',
});
let headers = Array.from(cookies.headers()); let headers = Array.from(cookies.headers());
assert.equal(headers.length, 1); assert.equal(headers.length, 1);
assert.equal(/Domain=\.example\.com/.test(headers[0]), true); assert.equal(/foo=deleted/.test(headers[0]), true);
assert.equal(/Expires=Thu, 01 Jan 1970 00:00:00 GMT/.test(headers[0]), true);
assert.equal(/Domain=example.com/.test(headers[0]), true);
assert.equal(/Path=\/subpath\//.test(headers[0]), true);
assert.equal(/Priority=High/.test(headers[0]), true);
assert.equal(/Secure/.test(headers[0]), true);
assert.equal(/HttpOnly/.test(headers[0]), true);
assert.equal(/SameSite=Strict/.test(headers[0]), true);
});
it('ignores expires option', () => {
let req = new Request('http://example.com/');
let cookies = new AstroCookies(req);
cookies.delete('foo', {
expires: new Date(),
});
let headers = Array.from(cookies.headers());
assert.equal(headers.length, 1);
assert.equal(/foo=deleted/.test(headers[0]), true);
assert.equal(/Expires=Thu, 01 Jan 1970 00:00:00 GMT/.test(headers[0]), true);
});
it('ignores maxAge option', () => {
let req = new Request('http://example.com/');
let cookies = new AstroCookies(req);
cookies.delete('foo', {
maxAge: 60,
});
let headers = Array.from(cookies.headers());
assert.equal(headers.length, 1);
assert.equal(/foo=deleted/.test(headers[0]), true);
assert.equal(/Expires=Thu, 01 Jan 1970 00:00:00 GMT/.test(headers[0]), true);
}); });
}); });
}); });