vscode-restclient icon indicating copy to clipboard operation
vscode-restclient copied to clipboard

Published 20 hours ago verified publisher icon Huachao

Set-Cookie response headers are grouped

Open bertubezz opened this issue 5 years ago • 2 comments

  • REST Client Version: 0.24.4
  • VSCode Version: 1.51.1
  • OS Version: windows 10

Steps to Reproduce:

  1. imagine this simple express script...
var express = require('express');
const app = express();
app.get("/", (req, res) => {
  res.cookie('n1', 'v1');
  res.cookie('n2', 'v1');
  res.sendStatus(200);
});
app.listen(8080, () => {
  console.log(`listening on port 8080`);
});
  1. simple GET request will group Set-Cookies headers into one as follows;
HTTP/1.1 200 OK
X-Powered-By: Express
Set-Cookie: n1=v1; Path=/,n2=v1; Path=/
Content-Type: text/plain; charset=utf-8
Content-Length: 2
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Date: Mon, 30 Nov 2020 12:08:27 GMT
Connection: close

OK

NOTE almost same request from curl...

λ curl -v http://localhost:8080
* Rebuilt URL to: http://localhost:8080/
*   Trying ::1...
* TCP_NODELAY set
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Set-Cookie: n1=v1; Path=/
< Set-Cookie: n2=v1; Path=/
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
< Date: Mon, 30 Nov 2020 11:59:57 GMT
< Connection: keep-alive
<
OK* Connection #0 to host localhost left intact

bertubezz avatar Nov 30 '20 12:11 bertubezz

This caused me a few hours of confusion, debugging my code only to found out (using curl) that my code was working fine.

This is the problem line:

headerString += `${header}: ${value}${EOL}`;

Additionally, rest-client will not remember the multiple cookies correctly.

aeddie-zapidhire avatar Nov 08 '22 09:11 aeddie-zapidhire

Group set-cookie into one is totally wrong. It should be keep as it is.

Consider the response headers from server as the following:

Set-Cookie: key=value; expires=Thu, 03-Aug-2023 12:02:58 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: key2=value2; expires=Thu, 03-Aug-2023 12:02:58 GMT; Max-Age=7200; path=/; samesite=lax

There are several special characters in the header value , ; : - =. Clients attempting to merge them into a single line using just a , separator is truly a bad idea and violates Web standards.

Set-Cookie: key=value; expires=Thu, 03-Aug-2023 12:02:58 GMT; Max-Age=7200; path=/; samesite=lax, key2=value2; expires=Thu, 03-Aug-2023 12:02:58 GMT; Max-Age=7200; path=/; samesite=lax

gotham8x avatar Aug 03 '23 10:08 gotham8x

I created #1278 to fix this.

jordanbtucker avatar Jun 21 '24 23:06 jordanbtucker