fix(std/http): verify cookie name & update SameSite type (#4685)

2025-01-22 23:19:55 -05:00 · 2020-04-10 22:12:42 +08:00 · 2020-04-10 22:12:42 +08:00 · 195ad4c626
commit 195ad4c626
parent 85c61bff1c
2 changed files with 12 additions and 2 deletions
--- a/std/http/cookie.ts
+++ b/std/http/cookie.ts
@ -22,9 +22,12 @@ export interface Cookie {
  unparsed?: string[];
 }

-export type SameSite = "Strict" | "Lax";
+export type SameSite = "Strict" | "Lax" | "None";

 function toString(cookie: Cookie): string {
+  if (!cookie.name) {
+    return "";
+  }
  const out: string[] = [];
  out.push(`${cookie.name}=${cookie.value}`);

@ -115,7 +118,10 @@ export function setCookie(res: Response, cookie: Cookie): void {
  // TODO (zekth) : Add proper parsing of Set-Cookie headers
  // Parsing cookie headers to make consistent set-cookie header
  // ref: https://tools.ietf.org/html/rfc6265#section-4.1.1
-  res.headers.append("Set-Cookie", toString(cookie));
+  const v = toString(cookie);
+  if (v) {
+    res.headers.append("Set-Cookie", v);
+  }
 }

 /**
--- a/std/http/cookie_test.ts
+++ b/std/http/cookie_test.ts
@ -214,5 +214,9 @@ test({
      res.headers.get("Set-Cookie"),
      "cookie-1=value-1; Secure, cookie-2=value-2; Max-Age=3600"
    );
+
+    res.headers = new Headers();
+    setCookie(res, { name: "", value: "" });
+    assertEquals(res.headers.get("Set-Cookie"), null);
  },
 });