From 4aac580bc53e847a8d8fb8871876196494f278fc Mon Sep 17 00:00:00 2001
From: Majid Burney <majid.burney@leafly.com>
Date: Wed, 25 Jan 2023 11:39:46 -0800
Subject: [PATCH] fix(cookies): parse header correctly when merging cookies

---
 src/node/index.js   |  4 ++--
 test/node/agency.js | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/node/index.js b/src/node/index.js
index ed1e46578..c08c39027 100644
--- a/src/node/index.js
+++ b/src/node/index.js
@@ -855,8 +855,8 @@ Request.prototype.request = function () {
     if (hasOwn(this._header, 'cookie')) {
       // merge
       const temporaryJar = new CookieJar.CookieJar();
-      temporaryJar.setCookies(this._header.cookie.split(';'));
-      temporaryJar.setCookies(this.cookies.split(';'));
+      temporaryJar.setCookies(this._header.cookie.split('; '));
+      temporaryJar.setCookies(this.cookies.split('; '));
       req.setHeader(
         'Cookie',
         temporaryJar.getCookies(CookieJar.CookieAccessInfo.All).toValueString()
diff --git a/test/node/agency.js b/test/node/agency.js
index 198ba0688..dbe8fa958 100644
--- a/test/node/agency.js
+++ b/test/node/agency.js
@@ -9,6 +9,7 @@ const request = require('../support/client');
 const assert = require('assert');
 const should = require('should');
 const cookieParser = require('cookie-parser');
+const cookiejar = require('cookiejar');
 const session = require('express-session');
 let http = require('http');
 
@@ -42,6 +43,10 @@ app.get('/getcookie', (request_, res) => {
   res.status(200).send(request_.cookies.cookie);
 });
 
+app.get('/cookieheader', (request_, res) => {
+  res.status(200).send(request_.headers.cookie);
+});
+
 app.get('/dashboard', (request_, res) => {
   if (request_.session.user) return res.status(200).send('dashboard');
   res.status(401).send('dashboard');
@@ -120,6 +125,21 @@ describe('request', () => {
           assert.strictEqual(res.text, 'jar');
         }));
 
+    it('should produce a valid cookie header', (done) => {
+      agent4
+        .set('Cookie', 'first_cookie=dummy; cookie=jam')
+        .get(`${base}/cookieheader`)
+        .then((res) => {
+          const cookiePairs = res.text.split('; '); // https://httpwg.org/specs/rfc6265.html#rfc.section.4.2.1
+          assert.deepStrictEqual(cookiePairs, [
+            'first_cookie=dummy',
+            'cookie=jar',
+            `connect.sid=${agent4.jar.getCookie('connect.sid', cookiejar.CookieAccessInfo.All).value}`,
+          ]);
+          done();
+        });
+    });
+
     it('should not share cookies between domains', () => {
       assert.equal(agent4.get('https://google.com').cookies, "");
     });