fix(http): verify cookie name & update SameSite type (denoland/deno#4685

)
caspervonb · Jan 24, 2021 · 66e502e · 66e502e
1 parent 24fa7bb
commit 66e502e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/http/cookie.ts b/http/cookie.ts
@@ -22,9 +22,12 @@ export interface Cookie {
   unparsed?: string[];
 }
 
-export type SameSite = "Strict" | "Lax";
+export type SameSite = "Strict" | "Lax" | "None";
 
 function toString(cookie: Cookie): string {
+  if (!cookie.name) {
+    return "";
+  }
   const out: string[] = [];
   out.push(`${cookie.name}=${cookie.value}`);
 
@@ -115,7 +118,10 @@ export function setCookie(res: Response, cookie: Cookie): void {
   // TODO (zekth) : Add proper parsing of Set-Cookie headers
   // Parsing cookie headers to make consistent set-cookie header
   // ref: https://tools.ietf.org/html/rfc6265#section-4.1.1
-  res.headers.append("Set-Cookie", toString(cookie));
+  const v = toString(cookie);
+  if (v) {
+    res.headers.append("Set-Cookie", v);
+  }
 }
 
 /**

diff --git a/http/cookie_test.ts b/http/cookie_test.ts
@@ -214,5 +214,9 @@ test({
       res.headers.get("Set-Cookie"),
       "cookie-1=value-1; Secure, cookie-2=value-2; Max-Age=3600"
     );
+
+    res.headers = new Headers();
+    setCookie(res, { name: "", value: "" });
+    assertEquals(res.headers.get("Set-Cookie"), null);
   },
 });