Handle set-cookie for redirects #13
Comments
jd1378
added a commit
that referenced
this issue
Dec 11, 2022
…onse Handle set-cookie from a redirect response fixes #13 use `URL::hostname` instead of `URL::host` according to RFC ports don't matter improve tests prevent leaking sensitive headers to other domains after redirect
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Seems like we need to handle cookies that are set when the response is
301, 302, 303, 307, 308.e.g. 302 responses can contain
response.headers.set-cookiethat we need to store.To implement it
fetchneeds to handle redirects manually:... and check if it is a redirect status in
response.status, then if it's a redirect; recursively call it self with something like.... const redirectStatus = new Set([301, 302, 303, 307, 308]); if (!redirectStatus.has(response.status)) return response const redirectUrl = response.headers.get("location"); if (!redirectUrl) return response; return await wrappedFetch(redirectUrl, init); ...We also need to add a
maxRedirectoption to check against a counter to avoid redirect loops.I don't have the time to finish this now, but started a draft that i think will work. Maybe someone will pick it up :-)
The text was updated successfully, but these errors were encountered: