solid-start icon indicating copy to clipboard operation
solid-start copied to clipboard
verified publisher icon solidjs

[Bug?]: SolidStart produces invalid flash cookies

Open frenzzy opened this issue 1 year ago • 0 comments

Duplicates

  • [X] I have searched the existing issues

Latest version

  • [X] I have tested the latest version

Current behavior 😯

Server sets the following set-cookie header:

set-cookie: flash={"url":"/_server%3Fid%3D%252Fsolid-start%252Fexamples%252Fwith-auth%252Fsrc%252Flib%252Findex.ts%26name%3D%2524%2524function1","result":"Usernames must be at least 3 characters long","error":true,"input":[[["redirectTo","/"],["loginType","login"],["username",";"],["password",""]]]}; Secure; HttpOnly;

User sees:

{
  "statusCode": 500,
  "stack": []
}

Server displays an error:

[h3] [unhandled] SyntaxError: Unterminated string in JSON at position 243 (line 1 column 244)
    at JSON.parse (<anonymous>)
    ... 7 lines matching cause stack trace ...
    at async Server.toNodeHandle (file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:2249:7) {
  cause: SyntaxError: Unterminated string in JSON at position 243 (line 1 column 244)
      at JSON.parse (<anonymous>)
      at initFromFlash (/solid-start/node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_@vites_g4axoxquuc27oifb2hw6quhyia/node_modules/@solidjs/start/dist/server/pageEvent.js:11:20)
      at createPageEvent (/solid-start/node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_@vites_g4axoxquuc27oifb2hw6quhyia/node_modules/@solidjs/start/dist/server/pageEvent.js:35:19)
      at async eval (/solid-start/node_modules/.pnpm/@[email protected]_@[email protected][email protected]_@[email protected]_@vites_g4axoxquuc27oifb2hw6quhyia/node_modules/@solidjs/start/dist/server/handler.js:45:25)
      at async _callHandler (file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:1821:16)
      at async _callHandler (file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:1821:16)
      at async file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:1962:19
      at async Object.callAsync (file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/unctx/dist/index.mjs:72:16)
      at async Server.toNodeHandle (file:///solid-start/node_modules/.pnpm/[email protected]/node_modules/h3/dist/index.mjs:2249:7),
  statusCode: 500,
  fatal: false,
  unhandled: true,
  statusMessage: undefined,
  data: undefined
}

Expected behavior 🤔

  1. The server should produce valid flash cookies (e.g., encode non-ASCII symbols).
  2. The server should handle invalid cookies correctly (e.g., ignore them instead of failing).

Steps to reproduce 🕹

Steps:

  1. Run and open the with-auth example.
  2. Disable JavaScript in DevTools.
  3. Enter ; or any non-ASCII symbol into the Username field.
  4. Submit the form.

Context 🔦

No response

Your environment 🌎

I have reproduced the issue using the latest commit in the main brunch on Node.js v22.9.0

frenzzy avatar Oct 03 '24 11:10 frenzzy