http: append Cookie header values with semicolon by mscdex · Pull Request #11259 · nodejs/node
labels
Previously, separate incoming Cookie headers would be concatenated with a comma, which can cause confusion in userland code when it comes to parsing the final Cookie header value. This commit concatenates using a semicolon instead. Fixes: nodejs#11256 PR-URL: nodejs#11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit enables automatic concatenation of multiple Cookie header values with a semicolon, except when 2D header arrays are used. Fixes: nodejs#11256 PR-URL: nodejs#11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
jungx098 pushed a commit to jungx098/node that referenced this pull request
Previously, separate incoming Cookie headers would be concatenated with a comma, which can cause confusion in userland code when it comes to parsing the final Cookie header value. This commit concatenates using a semicolon instead. Fixes: nodejs#11256 PR-URL: nodejs#11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
jungx098 pushed a commit to jungx098/node that referenced this pull request
This commit enables automatic concatenation of multiple Cookie header values with a semicolon, except when 2D header arrays are used. Fixes: nodejs#11256 PR-URL: nodejs#11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
jasnell added a commit that referenced this pull request
* **Async Hooks**
* The `async_hooks` module has landed in core
[[`4a7233c178`](4a7233c178)]
[#12892](#12892).
* **Buffer**
* Using the `--pending-deprecation` flag will cause Node.js to emit a
deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
[[`d2d32ea5a2`](d2d32ea5a2)]
[#11968](#11968).
* `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
[[`7eb1b4658e`](7eb1b4658e)]
[#12141](#12141).
* Many `Buffer` methods now accept `Uint8Array` as input
[[`beca3244e2`](beca3244e2)]
[#10236](#10236).
* **Child Process**
* Argument and kill signal validations have been improved
[[`97a77288ce`](97a77288ce)]
[#12348](#12348),
[[`d75fdd96aa`](d75fdd96aa)]
[#10423](#10423).
* Child Process methods accept `Uint8Array` as input
[[`627ecee9ed`](627ecee9ed)]
[#10653](#10653).
* **Console**
* Error events emitted when using `console` methods are now supressed.
[[`f18e08d820`](f18e08d820)]
[#9744](#9744).
* **Dependencies**
* The npm client has been updated to 5.0.0
[[`3c3b36af0f`](3c3b36af0f)]
[#12936](#12936).
* V8 has been updated to 5.8 with forward ABI stability to 6.0
[[`60d1aac8d2`](60d1aac8d2)]
[#12784](#12784).
* **Domains**
* Native `Promise` instances are now `Domain` aware
[[`84dabe8373`](84dabe8373)]
[#12489](#12489).
* **Errors**
* We have started assigning static error codes to errors generated by Node.js.
This has been done through multiple commits and is still a work in
progress.
* **File System**
* The utility class `fs.SyncWriteStream` has been deprecated
[[`7a55e34ef4`](7a55e34ef4)]
[#10467](#10467).
* The deprecated `fs.read()` string interface has been removed
[[`3c2a9361ff`](3c2a9361ff)]
[#9683](#9683).
* **HTTP**
* Improved support for userland implemented Agents
[[`90403dd1d0`](90403dd1d0)]
[#11567](#11567).
* Outgoing Cookie headers are concatenated into a single string
[[`d3480776c7`](d3480776c7)]
[#11259](#11259).
* The `httpResponse.writeHeader()` method has been deprecated
[[`fb71ba4921`](fb71ba4921)]
[#11355](#11355).
* New methods for accessing HTTP headers have been added to `OutgoingMessage`
[[`3e6f1032a4`](3e6f1032a4)]
[#10805](#10805).
* **Lib**
* All deprecation messages have been assigned static identifiers
[[`5de3cf099c`](5de3cf099c)]
[#10116](#10116).
* The legacy `linkedlist` module has been removed
[[`84a23391f6`](84a23391f6)]
[#12113](#12113).
* **N-API**
* Experimental support for the new N-API API has been added
[[`56e881d0b0`](56e881d0b0)]
[#11975](#11975).
* **Process**
* Process warning output can be redirected to a file using the
`--redirect-warnings` command-line argument
[[`03e89b3ff2`](03e89b3ff2)]
[#10116](#10116).
* Process warnings may now include additional detail
[[`dd20e68b0f`](dd20e68b0f)]
[#12725](#12725).
* **REPL**
* REPL magic mode has been deprecated
[[`3f27f02da0`](3f27f02da0)]
[#11599](#11599).
* **Src**
* `NODE_MODULE_VERSION` has been updated to 57
(ec7cbaf266)]
[#12995](#12995).
* Add `--pending-deprecation` command-line argument and
`NODE_PENDING_DEPRECATION` environment variable
[[`a16b570f8c`](a16b570f8c)]
[#11968](#11968).
* The `--debug` command-line argument has been deprecated. Note that
using `--debug` will enable the *new* Inspector-based debug protocol
as the legacy Debugger protocol previously used by Node.js has been
removed. [[`010f864426`](010f864426)]
[#12949](#12949).
* Throw when the `-c` and `-e` command-line arguments are used at the same
time [[`a5f91ab230`](a5f91ab230)]
[#11689](#11689).
* Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
arguments are used at the same time.
[[`8a7db9d4b5`](8a7db9d4b5)]
[#12087](#12087).
* **Stream**
* `Stream` now supports `destroy()` and `_destroy()` APIs
[[`b6e1d22fa6`](b6e1d22fa6)]
[#12925](#12925).
* `Stream` now supports the `_final()` API
[[`07c7f198db`](07c7f198db)]
[#12828](#12828).
* **TLS**
* The `rejectUnauthorized` option now defaults to `true`
[[`348cc80a3c`](348cc80a3c)]
[#5923](#5923).
* The `tls.createSecurePair()` API now emits a runtime deprecation
[[`a2ae08999b`](a2ae08999b)]
[#11349](#11349).
* A runtime deprecation will now be emitted when `dhparam` is less than
2048 bits [[`d523eb9c40`](d523eb9c40)]
[#11447](#11447).
* **URL**
* The WHATWG URL implementation is now a fully-supported Node.js API
[[`d080ead0f9`](d080ead0f9)]
[#12710](#12710).
* **Util**
* `Symbol` keys are now displayed by default when using `util.inspect()`
[[`5bfd13b81e`](5bfd13b81e)]
[#9726](#9726).
* `toJSON` errors will be thrown when formatting `%j`
[[`455e6f1dd8`](455e6f1dd8)]
[#11708](#11708).
* Convert `inspect.styles` and `inspect.colors` to prototype-less objects
[[`aab0d202f8`](aab0d202f8)]
[#11624](#11624).
* The new `util.promisify()` API has been added
[[`99da8e8e02`](99da8e8e02)]
[#12442](#12442).
* **Zlib**
* Support `Uint8Array` in Zlib convenience methods
[[`91383e47fd`](91383e47fd)]
[#12001](#12001).
* Zlib errors now use `RangeError` and `TypeError` consistently
[[`b514bd231e`](b514bd231e)]
[#11391](#11391).
jasnell added a commit that referenced this pull request
* **Async Hooks**
* The `async_hooks` module has landed in core
[[`4a7233c178`](4a7233c178)]
[#12892](#12892).
* **Buffer**
* Using the `--pending-deprecation` flag will cause Node.js to emit a
deprecation warning when using `new Buffer(num)` or `Buffer(num)`.
[[`d2d32ea5a2`](d2d32ea5a2)]
[#11968](#11968).
* `new Buffer(num)` and `Buffer(num)` will zero-fill new `Buffer` instances
[[`7eb1b4658e`](7eb1b4658e)]
[#12141](#12141).
* Many `Buffer` methods now accept `Uint8Array` as input
[[`beca3244e2`](beca3244e2)]
[#10236](#10236).
* **Child Process**
* Argument and kill signal validations have been improved
[[`97a77288ce`](97a77288ce)]
[#12348](#12348),
[[`d75fdd96aa`](d75fdd96aa)]
[#10423](#10423).
* Child Process methods accept `Uint8Array` as input
[[`627ecee9ed`](627ecee9ed)]
[#10653](#10653).
* **Console**
* Error events emitted when using `console` methods are now supressed.
[[`f18e08d820`](f18e08d820)]
[#9744](#9744).
* **Dependencies**
* The npm client has been updated to 5.0.0
[[`3c3b36af0f`](3c3b36af0f)]
[#12936](#12936).
* V8 has been updated to 5.8 with forward ABI stability to 6.0
[[`60d1aac8d2`](60d1aac8d2)]
[#12784](#12784).
* **Domains**
* Native `Promise` instances are now `Domain` aware
[[`84dabe8373`](84dabe8373)]
[#12489](#12489).
* **Errors**
* We have started assigning static error codes to errors generated by Node.js.
This has been done through multiple commits and is still a work in
progress.
* **File System**
* The utility class `fs.SyncWriteStream` has been deprecated
[[`7a55e34ef4`](7a55e34ef4)]
[#10467](#10467).
* The deprecated `fs.read()` string interface has been removed
[[`3c2a9361ff`](3c2a9361ff)]
[#9683](#9683).
* **HTTP**
* Improved support for userland implemented Agents
[[`90403dd1d0`](90403dd1d0)]
[#11567](#11567).
* Outgoing Cookie headers are concatenated into a single string
[[`d3480776c7`](d3480776c7)]
[#11259](#11259).
* The `httpResponse.writeHeader()` method has been deprecated
[[`fb71ba4921`](fb71ba4921)]
[#11355](#11355).
* New methods for accessing HTTP headers have been added to `OutgoingMessage`
[[`3e6f1032a4`](3e6f1032a4)]
[#10805](#10805).
* **Lib**
* All deprecation messages have been assigned static identifiers
[[`5de3cf099c`](5de3cf099c)]
[#10116](#10116).
* The legacy `linkedlist` module has been removed
[[`84a23391f6`](84a23391f6)]
[#12113](#12113).
* **N-API**
* Experimental support for the new N-API API has been added
[[`56e881d0b0`](56e881d0b0)]
[#11975](#11975).
* **Process**
* Process warning output can be redirected to a file using the
`--redirect-warnings` command-line argument
[[`03e89b3ff2`](03e89b3ff2)]
[#10116](#10116).
* Process warnings may now include additional detail
[[`dd20e68b0f`](dd20e68b0f)]
[#12725](#12725).
* **REPL**
* REPL magic mode has been deprecated
[[`3f27f02da0`](3f27f02da0)]
[#11599](#11599).
* **Src**
* `NODE_MODULE_VERSION` has been updated to 57
(ec7cbaf266)]
[#12995](#12995).
* Add `--pending-deprecation` command-line argument and
`NODE_PENDING_DEPRECATION` environment variable
[[`a16b570f8c`](a16b570f8c)]
[#11968](#11968).
* The `--debug` command-line argument has been deprecated. Note that
using `--debug` will enable the *new* Inspector-based debug protocol
as the legacy Debugger protocol previously used by Node.js has been
removed. [[`010f864426`](010f864426)]
[#12949](#12949).
* Throw when the `-c` and `-e` command-line arguments are used at the same
time [[`a5f91ab230`](a5f91ab230)]
[#11689](#11689).
* Throw when the `--use-bundled-ca` and `--use-openssl-ca` command-line
arguments are used at the same time.
[[`8a7db9d4b5`](8a7db9d4b5)]
[#12087](#12087).
* **Stream**
* `Stream` now supports `destroy()` and `_destroy()` APIs
[[`b6e1d22fa6`](b6e1d22fa6)]
[#12925](#12925).
* `Stream` now supports the `_final()` API
[[`07c7f198db`](07c7f198db)]
[#12828](#12828).
* **TLS**
* The `rejectUnauthorized` option now defaults to `true`
[[`348cc80a3c`](348cc80a3c)]
[#5923](#5923).
* The `tls.createSecurePair()` API now emits a runtime deprecation
[[`a2ae08999b`](a2ae08999b)]
[#11349](#11349).
* A runtime deprecation will now be emitted when `dhparam` is less than
2048 bits [[`d523eb9c40`](d523eb9c40)]
[#11447](#11447).
* **URL**
* The WHATWG URL implementation is now a fully-supported Node.js API
[[`d080ead0f9`](d080ead0f9)]
[#12710](#12710).
* **Util**
* `Symbol` keys are now displayed by default when using `util.inspect()`
[[`5bfd13b81e`](5bfd13b81e)]
[#9726](#9726).
* `toJSON` errors will be thrown when formatting `%j`
[[`455e6f1dd8`](455e6f1dd8)]
[#11708](#11708).
* Convert `inspect.styles` and `inspect.colors` to prototype-less objects
[[`aab0d202f8`](aab0d202f8)]
[#11624](#11624).
* The new `util.promisify()` API has been added
[[`99da8e8e02`](99da8e8e02)]
[#12442](#12442).
* **Zlib**
* Support `Uint8Array` in Zlib convenience methods
[[`91383e47fd`](91383e47fd)]
[#12001](#12001).
* Zlib errors now use `RangeError` and `TypeError` consistently
[[`b514bd231e`](b514bd231e)]
[#11391](#11391).
HaroldPutman pushed a commit to HaroldPutman/node-simplecrawler that referenced this pull request
Outbound cookies should only include name and value in the header. In Node.js versions < 8 if `header.cookie` is set to an array, the values a concatenated with commas which is wrong [according to the specs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie). This was [fixed in Node 8](nodejs/node#11259), but for compatibility if we join the cookie values and set `header.cookie` to a string it will always be right. To avoid breakage, `crawler.cookies.getAsHeader()` still returns an array, but without the unexpected attributes. When it is added to request options it is joined into a semicolon-separated string.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters