Better way to set cookies and other repeatable headers in Javascript Http functions

[cesarvarela]

I'm kind of lost here, but I don't see anything related to using cookies in the docs.

I need to write/read them, is it possible?

[paulbatum]

please provide more information (see our issue template)

[cesarvarela]

Look at this:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference-node

It mentions headers, body, and status, but not cookies:

// Define a valid response object.
res = { status: 201, body: "Insert succeeded." };
context.done(null, res);   

[paulbatum]

Ahh, so you're trying to do it from JavaScript? I'm not sure if this is possible right now.

@mhoeger do you know?

[mhoeger]

@cesarvarela I think I responded to your stackoverflow post :) I recommended using the HTTP header "Set-Cookie". Is there anything special about the express "cookies" method that can't be done through HTTP headers? Or would you like to see this as a feature?

[cesarvarela]

Yes you did.

That would work, but I think it would be nice to make it work like the other settings, something like:

// Define a valid response object.
res = { status: 201, cookies: { mycookie: 'text' },  body: "Insert succeeded." };
context.done(null, res);   

[mhoeger]

Sounds good. Thanks for the input! I'd imagine other developers coming from express will also expect a "cookies" property as is done there.

Instead of adding a cookies property, I'm inclined to stick to the HTTP standard way of doing things with Set-Cookie defined in the headers. A compromise might be to have a setCookie(serializedCookie: string) method on our res object to easily set cookies. We already have one such method for Content-Type. This setCookie method could be used with existing
npm packages like cookie to help serialize/parse cookies.

I'll re-triage this issue for now as a feature request for a setCookie() helper method, but input is very welcome!

[alanmartin]

The primary problem for me with the current approach is that it's quite difficult to set multiple cookies in one response.
I've found I have to add whitespace in the second header because javascript objects don't allow duplicate keys.

        context.res = {
            // status: 200, /* Defaults to 200 */
            body: "Hello " + (req.query.name || req.body.name),
            headers: {"Set-Cookie" : "name=value2", "Set-Cookie " : "name3=value5"}
        };

[maxhov]

I second @alanmartin. The current implementation is rather limited with regards to setting multiple cookies. Only with the mentioned work around, it is currently possible to set multiple cookies. The implementation suggested by @cesarvarela could be altered like this to facilitate multiple cookies:

...
res = { 
    status: 201, 
    cookies: [ 
        { 
            'name': 'cookie1',
            'value': value,
            'secure': true,
            'httponly': true,
            'path': '/',
            'domain': 'www.example.com',
            etc..
        },
        {
            'name': 'cookie2',
            'value': value,
            'secure': true,
            'httponly': true,
            'path': '/',
            'domain': 'www.example.com',
            etc..
       },
    ],
    body: "some body" 
}
...

[mhoeger]

Good point, thanks for bringing this up! Will prioritize this as more than an enhancement. Note for others the current workaround is adding white spaces as @alanmartin suggested above.

[securityvoid]

This is also impacting us as well. We're also looking to set multiple cookies.

[gthorvey]

Good point, thanks for bringing this up! Will prioritize this as more than an enhancement. Note for others the current workaround is adding white spaces as @alanmartin suggested above.

I am not able to set multiple cookies correctly even with white spaces. I am getting the below error:
An unhandled host error has occurred.
Microsoft.AspNetCore.Server.Kestrel.Core: Invalid non-ASCII or control character in header: 0x0020.

[gpasq]

I get the same. Multiple cookies is required in many circumstances, and Azure simply can't handle them. How hard can this be to implement? (answer is "not that hard")

[mhoeger]

@gpasq - we always love and accept community contributions as an open source project :)

I am starting the work to enable setting multiple cookeis here FYI all on this thread: Azure/azure-functions-language-worker-protobuf#31

[mhoeger]

Update on this issue:
Although the fix is checked in, it has not yet been released. If you urgently need to set cookies, please add a proxy that modifies the response headers of your function as a workaround.

Here's an example:

Will update this issue when it is released.

[dcollien]

Checking up after 6m... was this ever released?

[mhoeger]

@dcollien Yes - sorry forgot to update the issue! You can set multiple cookies on a response object with the property "cookies", which takes an array of Cookie objects.

Ex:

context.res = {
    body: "Hello",
    status: 200,
    cookies: [
        {
            name: "cookie1",
            value: "value1"
        },
        {
            name: "cookie2",
            value: "value2",
            maxAge: 60 * 10
        }
    ]

I'll be sure to update the docs