-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fetch requests don't expose Set-Cookie
response header
#183
Comments
I'm hitting the same problem while trying to integrate miniflare to our development process. In our case, this happens when proxying API requests on path The same code works perfectly on Worker runtime. Invocation on both environments is While doing my own digging, I also came to conclusion, that those headers are dropped due undici fetch implementation, but didn't find any way to work around this. |
I also came to the same conclusion today. Unfortunately this is the last thing preventing me from deploying Miniflare as part of our development environment. When the |
I did some additional investigation and opened an issue with Undici: |
Hey everyone! 👋 Thanks for raising this and apologies for the delayed response. This is definitely a bug, might be possible to extract this header from internal miniflare/packages/core/src/standards/http.ts Line 801 in b887877
...although probably worth waiting on nodejs/undici#1262 for a proper fix. 👍 |
Fix for the problem has been now released on undici v5.4.0 release. |
Nice! 🎉 I think this was actually fixed in Miniflare miniflare/packages/core/src/standards/http.ts Lines 63 to 68 in 75abe07
...but I forgot to close this issue. Anyways, upgrading to undici@5.4.0 is the correct fix.
|
Thank you @mrbbot! You beat me to it, I was just about to send PR. I can also confirm that the hack worked and cookies are passed properly on v2.5.0 as well 👍 |
The following code behaves differently on miniflare VS on a deployed worker:
/cookies
URL returns a set-cookie header with the valuefoo=bar
. Visiting any other URL does a sub-fetch to the/cookies
path and returns the value of the set-cookie header in the response body.In miniflare, this returns
null
.. In a worker, this behaves as expected - theset-cookie
header is exposed to the user.The source of this is that
undici
follows thefetch
spec closer than workers. The conflict source isundici/lib/fetch/response.js:370
, thefilterResponse
function, which removes forbidden headers from the response such asset-cookie
.The text was updated successfully, but these errors were encountered: