fix(std/http): verify cookie name & update SameSite type (#4685)

195ad4c6 · 木杉 · GitHub · 85c61bff · 195ad4c6 · 195ad4c6
隐藏空白更改
内联并排

Showing with 12 addition and 2 deletion

std/http/cookie.ts std/http/cookie.ts +8 -2

std/http/cookie_test.ts std/http/cookie_test.ts +4 -0

未找到文件。
--- a/std/http/cookie.ts
+++ b/std/http/cookie.ts
@@ -22,9 +22,12 @@ export interface Cookie {
  unparsed?: string[];
 }

-export type SameSite = "Strict" | "Lax";
+export type SameSite = "Strict" | "Lax" | "None";

 function toString(cookie: Cookie): string {
+  if (!cookie.name) {
+    return "";
+  }
  const out: string[] = [];
  out.push(`${cookie.name}=${cookie.value}`);

@@ -115,7 +118,10 @@ export function setCookie(res: Response, cookie: Cookie): void {
  // TODO (zekth) : Add proper parsing of Set-Cookie headers
  // Parsing cookie headers to make consistent set-cookie header
  // ref: https://tools.ietf.org/html/rfc6265#section-4.1.1
-  res.headers.append("Set-Cookie", toString(cookie));
+  const v = toString(cookie);
+  if (v) {
+    res.headers.append("Set-Cookie", v);
+  }
 }

 /**

--- a/std/http/cookie_test.ts
+++ b/std/http/cookie_test.ts
@@ -214,5 +214,9 @@ test({
      res.headers.get("Set-Cookie"),
      "cookie-1=value-1; Secure, cookie-2=value-2; Max-Age=3600"
    );
+
+    res.headers = new Headers();
+    setCookie(res, { name: "", value: "" });
+    assertEquals(res.headers.get("Set-Cookie"), null);
  },
 });