elysia icon indicating copy to clipboard operation
elysia copied to clipboard

Published 20 hours ago verified publisher icon elysiajs

Cookie settings not used

Open m1212e opened this issue 11 months ago • 1 comments

What version of Elysia.JS is running?

0.8.17

What platform is your computer?

No response

What steps can reproduce the bug?

Use this script and visit the page

import { Elysia, t } from "elysia";

const app = new Elysia({})

	.guard({
		cookie: t.Cookie(
			{
				sessionId: t.Optional(t.String()),
			},
			{
				httpOnly: true,
				maxAge: 60 * 60 * 24 * 7, // 7 days
				sameSite: "strict",
				secure: true,
				secrets: ["secret", "key"],
				sign: ["sessionId"],
				path: "/",
			},
		),
	})
	.get("/", ({ cookie: { sessionId } }) => {
		if (sessionId.value === undefined) {
			sessionId.value = "1234";
		}
		return sessionId.value;
	})
	.listen(1234);

console.log(
	`🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);

What is the expected behavior?

I'd expect the cookie header to contain the specified values and the cookie value to be signed.

What do you see instead?

Instead I just get the value:

HTTP/1.1 200 OK
set-cookie: sessionId=1234
content-type: text/plain;charset=utf-8
Date: Wed, 06 Mar 2024 20:51:58 GMT
Content-Length: 4

Additional information

Setting the cookie settings manually works: sessionId.httpOnly = true; but this way I cannot make use of elysias built in cookie sign feature.

A workaround would be to use this instead:

import { Elysia, t } from "elysia";

const app = new Elysia({
	cookie: {
		httpOnly: true,
		maxAge: 60 * 60 * 24 * 7, // 7 days
		sameSite: "strict",
		secure: true,
		secrets: ["secret", "key"],
		sign: ["sessionId"],
		path: "/",
	},
})
	.guard({
		cookie: t.Object({
			sessionId: t.Optional(t.String()),
		}),
	})
	.get("/", ({ cookie: { sessionId } }) => {
		if (sessionId.value === undefined) {
			sessionId.value = "1234";
			sessionId.httpOnly = true;
		}
		return sessionId.value;
	})
	.listen(1234);

console.log(
	`🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`,
);

ALSO: I'm not sure if this is related, but whenever there is already a cookie set and sent along in the request which issues the cookie, the same error appears, the cookie options are not set.

m1212e avatar Mar 06 '24 20:03 m1212e

I'm facing the same issue described by @m1212e above. Any fix for this?

mdauthentic avatar May 08 '24 23:05 mdauthentic

Unable to reproduce on the latest version (1.1.9) with the code you provided. Probably have been fixed with the previous subsequent versions of Elysia.

Closing as unable to reproduce and probably complete. If the problem still persist, feel free to reopen the issue.

SaltyAom avatar Aug 30 '24 20:08 SaltyAom