
@fastify/cookie


@fastify/cookie - npm Package Compare versions

Comparing version 9.1.0 to 9.2.0

.gitattributes

9

package.json
{
"name": "@fastify/cookie",
"version": "9.1.0",
"version": "9.2.0",
"description": "Plugin for fastify to add support for cookies",
"main": "plugin.js",
"type": "commonjs",
"types": "types/plugin.d.ts",

@@ -46,3 +47,3 @@ "scripts": {

"fastify": "^4.0.0",
"sinon": "^16.0.0",
"sinon": "^17.0.0",
"snazzy": "^9.0.0",

@@ -54,4 +55,4 @@ "standard": "^17.0.0",

"dependencies": {
"cookie": "^0.5.0",
"fastify-plugin": "^4.0.0"
"fastify-plugin": "^4.0.0",
"cookie-signature": "^1.1.0"
},

@@ -58,0 +59,0 @@ "tsd": {
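Review bot: The new runtime dependency `"cookie-signature": "^1.1.0"` has no visible consumer in this comparison: plugin.js takes `Signer`, `sign` and `unsign` from `./signer`, and no hunk shown here requires `cookie-signature`. Because the rendering has lost the +/- markers, it is also unclear whether `"cookie": "^0.5.0"` stays on the new side even though plugin.js now loads `./cookie` instead of the package. Every entry under `dependencies` is installed by each consumer of this plugin, so confirm that both are needed at runtime and drop any that is not.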

'use strict'
const fp = require('fastify-plugin')
const cookie = require('cookie')
const cookie = require('./cookie')

@@ -129,3 +129,3 @@ const { Signer, sign, unsign } = require('./signer')

if (typeof secret !== 'undefined') {
if (secret !== undefined) {
fastify.decorate('signCookie', signCookie)

@@ -132,0 +132,0 @@ fastify.decorate('unsignCookie', unsignCookie)
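Review bot: Replacing `require('cookie')` with `require('./cookie')` moves cookie parsing and serialization into an in-tree file whose contents are not among the hunks shown here, so the code that builds and parses cookie header values cannot be reviewed from this page. If that file is derived from the `cookie` package, it no longer receives fixes through dependency updates, and its origin should be recorded next to the require, for example `// ./cookie: in-tree parser/serializer derived from the cookie package (<UPSTREAM_VERSION>); port upstream fixes manually`. The enclosing plugin function starts and ends outside the hunk.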

@@ -80,4 +80,86 @@ # @fastify/cookie

- `parseOptions`: An `Object` to pass as options to [cookie parse](https://github.com/jshttp/cookie#cookieparsestr-options).
- `parseOptions`: An `Object` to modify the serialization of set cookies.
#### parseOptions
##### domain
Specifies the value for the [`Domain` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.3). By default, no
domain is set, and most clients will consider the cookie to apply to only the current domain.
##### encode
Specifies a function that will be used to encode a cookie's value. Since value of a cookie
has a limited character set (and must be a simple string), this function can be used to encode
a value into a string suited for a cookie's value.
The default function is the global `encodeURIComponent`, which will encode a JavaScript string
into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range.
##### expires
Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.1).
By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
will delete it on a condition like exiting a web browser application.
**Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
so if both are set, they should point to the same date and time.
##### httpOnly
Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.6). When truthy,
the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
**Note:** be careful when setting this to `true`, as compliant clients will not allow client-side
JavaScript to see the cookie in `document.cookie`.
##### maxAge
Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2).
The given number will be converted to an integer by rounding down. By default, no maximum age is set.
**Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
so if both are set, they should point to the same date and time.
##### partitioned
Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#section-2.1)
attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
`Partitioned` attribute is not set.
⚠️ **Warning:** [This is an attribute that has not yet been fully standardized](https://github.com/fastify/fastify-cookie/pull/261#issuecomment-1803234334), and may change in the future without reflecting the semver versioning. This also means many clients may ignore the attribute until they understand it.
More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
##### path
Specifies the value for the [`Path` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.4). By default, the path
is considered the ["default path"](https://datatracker.ietf.org/doc/html/rfc6265#section-5.1.4).
##### sameSite
Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
- `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
- `false` will not set the `SameSite` attribute.
- `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
- `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
- `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
More information about the different enforcement levels can be found in
[the specification](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
**Note:** This is an attribute that has not yet been fully standardized, and may change in the future.
This also means many clients may ignore this attribute until they understand it.
##### secure
Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.5). When truthy,
the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
**Note:** be careful when setting this to `true`, as compliant clients will not send the cookie back to
the server in the future if the browser does not have an HTTPS connection.
## API

@@ -84,0 +166,0 @@

@@ -11,3 +11,3 @@ 'use strict'

const base64PaddingRE = /=/g
const base64PaddingRE = /=/gu

@@ -14,0 +14,0 @@ function Signer (secrets, algorithm = 'sha256') {

@@ -95,2 +95,42 @@ 'use strict'

test('should set multiple cookies', (t) => {
t.plan(12)
const fastify = Fastify()
fastify.register(plugin)
fastify.get('/', (req, reply) => {
reply
.setCookie('foo', 'foo')
.cookie('bar', 'test', {
partitioned: true
})
.setCookie('wee', 'woo', {
partitioned: true,
secure: true
})
.send({ hello: 'world' })
})
fastify.inject({
method: 'GET',
url: '/'
}, (err, res) => {
t.error(err)
t.equal(res.statusCode, 200)
t.same(JSON.parse(res.body), { hello: 'world' })
const cookies = res.cookies
t.equal(cookies.length, 3)
t.equal(cookies[0].name, 'foo')
t.equal(cookies[0].value, 'foo')
t.equal(cookies[1].name, 'bar')
t.equal(cookies[1].value, 'test')
t.equal(cookies[2].name, 'wee')
t.equal(cookies[2].value, 'woo')
t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned')
t.equal(res.headers['set-cookie'][2], 'wee=woo; Secure; Partitioned')
})
})
test('cookies get set correctly with millisecond dates', (t) => {

@@ -97,0 +137,0 @@ t.plan(8)
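Review bot: The assertion `t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned')` pins a header that carries `Partitioned` without `Secure`, a combination that clients implementing the CHIPS proposal linked from the README are expected to reject. Emitting the attribute exactly as given may be intended, but the test should then say so, e.g. `// Partitioned is serialized even without Secure; clients implementing CHIPS reject such a cookie`. The README's `partitioned` section would benefit from the same caveat. The test title also does not mention `Partitioned`, although that is what the two header assertions cover.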

@@ -128,5 +128,5 @@ /// <reference types='node' />

maxAge?: number;
partitioned?: boolean;
/** The `Path` attribute. Defaults to `/` (the root path). */
path?: string;
priority?: "low" | "medium" | "high";
/** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `none` or `strict`. */

@@ -133,0 +133,0 @@ sameSite?: 'lax' | 'none' | 'strict' | boolean;
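Review bot: `partitioned?: boolean;` has no doc comment, while the neighbouring `path` and `sameSite` options each carry one. Assuming this is the line the release adds (the +/- markers are lost in this rendering), add something like `/** The Partitioned attribute. Not yet fully standardized; clients may ignore it. */` so that editors surface the README's warning at the point of use. The interface starts and ends outside the hunk.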

@@ -175,2 +175,3 @@ import cookie from '..';

signed: true,
partitioned: false,
};

@@ -177,0 +178,0 @@ expectType<fastifyCookieStar.CookieSerializeOptions>(parseOptions);
