Netlify Adapter splits set-cookie headers at commas, disrupting the expires parameter #4087

@Auroratide

Describe the bug

Specifying the expires attribute when setting a cookie on an endpoint causes the Netlify Adapter to emit two set-cookie headers (neither with expiry) instead of one single header with the designated expiry. More specifically, a header like this:

set-cookie: flavor=chocolate%20chip; Expires=Wed, 23 Feb 2022 17:17:53 GMT

Gets converted into this:

set-cookie: flavor=chocolate%20chip; Expires=Wed
set-cookie: 23 Feb 2022 17:17:53 GMT

I suspect that the Netlify handler code is too simple, as it splits the set-cookie header at every comma. Since the date format requires a comma per the date specification, this means expiry gets split by the adapter.

The code under suspicion:

headers.forEach((value, key) => {
    if (key === 'set-cookie') {
        m[key] = value.split(', ');
    } else {
        h[key] = value;
    }
});

Reproduction

I have deployed a tiny app on Netlify showcasing the issue. It allows you to attempt to set and unset a flavor cookie, and if you observe the network request/response in the developer tools, you can see the cookie is not set correctly.

Logs

No response

System Info

System:
    OS: macOS 11.6.1
    CPU: (8) arm64 Apple M1
    Memory: 151.03 MB / 16.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 17.5.0 - /opt/homebrew/bin/node
    Yarn: 1.22.10 - /opt/homebrew/bin/yarn
    npm: 8.4.1 - /opt/homebrew/bin/npm
  Browsers:
    Chrome: 98.0.4758.102
    Firefox: 97.0.1
    Safari: 15.1
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.17 
    @sveltejs/adapter-netlify: ^1.0.0-next.46 => 1.0.0-next.46 
    @sveltejs/kit: next => 1.0.0-next.283 
    svelte: ^3.44.0 => 3.46.4

Severity

serious, but I can work around it

Additional Information

No response
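
The split described in this report, next to a cookie-aware alternative. This is an added example, not code from the issue author, SvelteKit, or the Netlify adapter. The `joined` sample and the helper names `splitSetCookie` and `attributesOf` are constructed for illustration. It also shows a side effect the report's header does not exercise: attributes that follow `Expires` (here `HttpOnly` and `Secure`) end up in the orphaned fragment and are lost from the cookie.

```javascript
// Constructed sample: two cookies joined into one header value with ", ".
// Cookie names and values are made up for this demonstration.
const joined =
    'flavor=chocolate%20chip; Expires=Wed, 23 Feb 2022 17:17:53 GMT; HttpOnly; Secure, ' +
    'theme=dark; Path=/';

// The split quoted in the issue: every ", " is treated as a cookie boundary.
function naiveSplit(value) {
    return value.split(', ');
}

// A cookie-name is an HTTP token (RFC 6265), so a real boundary is a comma
// followed by optional whitespace, token characters and "=".
const STARTS_COOKIE = /^\s*[!#$%&'*+\-.^_`|~0-9A-Za-z]+=/;

// Heuristic: RFC 6265 forbids commas in cookie values, so a value that
// contains ",name=" anyway would still be split here.
function splitSetCookie(value) {
    const cookies = [];
    let start = 0;
    for (let i = 0; i < value.length; i++) {
        if (value[i] !== ',') continue;
        // "Wed, 23 Feb ..." fails this test: "23" is followed by a space, not "=".
        if (STARTS_COOKIE.test(value.slice(i + 1))) {
            cookies.push(value.slice(start, i).trim());
            start = i + 1;
        }
    }
    cookies.push(value.slice(start).trim());
    return cookies.filter((c) => c.length > 0);
}

// Attribute names (lower-cased) still attached to the named cookie.
function attributesOf(cookies, name) {
    const cookie = cookies.find((c) => c.startsWith(name + '='));
    if (!cookie) return [];
    return cookie.split(';').slice(1).map((a) => a.trim().split('=')[0].toLowerCase());
}

console.log(naiveSplit(joined));     // three fragments, one of them not a cookie
console.log(splitSetCookie(joined)); // two intact cookies
```

Where the runtime's `Headers` object provides `getSetCookie()`, reading the cookies that way avoids parsing a joined string at all.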
