-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix request cookies lost during multiple redirects #291
Conversation
Keep original request cookie during multiple redirects
Would you please add a test that demonstrates the error and fix? |
add test for tomas#291
DONE! |
Could this be merged asap, thanks |
Any news? |
I'm still not sure what this PR fixes. Doesn't the existing |
This is for authorized request, for example when you login in a website and then post a form in another page, this fix keeps the request cookie safe (keep your login status ) during multiple redirects. |
But that's precisely what What you're doing here is putting your request cookies as part of the response cookies, which are different things. |
No, maybe you think “follow_set_cookies” works, but actually it's not. “follow_set_cookies” only keeps “set-cookies” in response's headers, but the "logged in cookies"(ex. a session ) you passed in will be lost after the 1st redirect. then during the 2nd request ( session has been dropped ), a 403 will be trigged, so the request cannot be finished. what I fixed is this issue. get 'logged in cookie' from whatever place Maybe you can run a practical test to see what it happening. |
No news? |
Can you provide a real-world example where I can test this? |
Too complicate to provide a real case, without this PR, test result is FAIL
|
@tomas Does it work? |
any news? |
typo
Ok I finally had the time to take a deeper look into this. So yes, you're right about the request cookies not being passed to redirects even if the What I don't like about this PR is that you're setting the request cookies as the response cookies ( So I'm going to pull your branch but update the code to avoid polluting the Thanks again and sorry for the late response. :) |
Agree, It's only a mimic fix try to reuse the current codes without inviting the new variable. But in practical usage, |
This problem is located in neddle.js on line 533 else if (config.headers['cookie']) { I deleted this and solved problem. |
Keep original request cookie safe during multiple redirects