@fastify/cookie
Comparing version 9.1.0 to 9.2.0
{ | ||
"name": "@fastify/cookie", | ||
"version": "9.1.0", | ||
"version": "9.2.0", | ||
"description": "Plugin for fastify to add support for cookies", | ||
"main": "plugin.js", | ||
"type": "commonjs", | ||
"types": "types/plugin.d.ts", | ||
@@ -46,3 +47,3 @@ "scripts": { | ||
"fastify": "^4.0.0", | ||
"sinon": "^16.0.0", | ||
"sinon": "^17.0.0", | ||
"snazzy": "^9.0.0", | ||
@@ -54,4 +55,4 @@ "standard": "^17.0.0", | ||
"dependencies": { | ||
"cookie": "^0.5.0", | ||
"fastify-plugin": "^4.0.0" | ||
"fastify-plugin": "^4.0.0", | ||
"cookie-signature": "^1.1.0" | ||
}, | ||
@@ -58,0 +59,0 @@ "tsd": { |
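Review bot: The new runtime dependency `"cookie-signature": "^1.1.0"` under `dependencies` is not referenced by any hunk shown here; the only signing import visible is `require('./signer')` in the plugin. If nothing in the published package requires it, it should be dropped so that `dependencies` holds only `"fastify-plugin": "^4.0.0"`, because every runtime dependency is third-party code that installs with the plugin and can change underneath consumers through the caret range. If it is required somewhere outside this view, a line in the release notes saying what uses it would help anyone auditing the upgrade.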
'use strict' | ||
const fp = require('fastify-plugin') | ||
const cookie = require('cookie') | ||
const cookie = require('./cookie') | ||
@@ -129,3 +129,3 @@ const { Signer, sign, unsign } = require('./signer') | ||
if (typeof secret !== 'undefined') { | ||
if (secret !== undefined) { | ||
fastify.decorate('signCookie', signCookie) | ||
@@ -132,0 +132,0 @@ fastify.decorate('unsignCookie', unsignCookie) |
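Review bot: `const cookie = require('./cookie')` swaps the published `cookie` package for an in-tree file that is not part of the hunks shown here, so the parse and serialize code the plugin now relies on cannot be reviewed from this view. A vendored copy no longer picks up upstream fixes through a semver range and is not seen by dependency scanners, so it needs an explicit provenance record. If the file is derived from jshttp/cookie, as the old README link suggests, I would add a header comment in `./cookie.js` such as `// Derived from jshttp/cookie <UPSTREAM_VERSION>; upstream security fixes must be ported manually`, with the version filled in by whoever did the import. The enclosing plugin function starts and ends outside this section.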
@@ -80,4 +80,86 @@ # @fastify/cookie | ||
- `parseOptions`: An `Object` to pass as options to [cookie parse](https://github.com/jshttp/cookie#cookieparsestr-options). | ||
- `parseOptions`: An `Object` to modify the serialization of set cookies. | ||
#### parseOptions | ||
##### domain | ||
Specifies the value for the [`Domain` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.3). By default, no | ||
domain is set, and most clients will consider the cookie to apply to only the current domain. | ||
##### encode | ||
Specifies a function that will be used to encode a cookie's value. Since value of a cookie | ||
has a limited character set (and must be a simple string), this function can be used to encode | ||
a value into a string suited for a cookie's value. | ||
The default function is the global `encodeURIComponent`, which will encode a JavaScript string | ||
into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range. | ||
##### expires | ||
Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.1). | ||
By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and | ||
will delete it on a condition like exiting a web browser application. | ||
**Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and | ||
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, | ||
so if both are set, they should point to the same date and time. | ||
##### httpOnly | ||
Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.6). When truthy, | ||
the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set. | ||
**Note:** be careful when setting this to `true`, as compliant clients will not allow client-side | ||
JavaScript to see the cookie in `document.cookie`. | ||
##### maxAge | ||
Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.2). | ||
The given number will be converted to an integer by rounding down. By default, no maximum age is set. | ||
**Note:** the [cookie storage model specification](https://datatracker.ietf.org/doc/html/rfc6265#section-5.3) states that if both `expires` and | ||
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, | ||
so if both are set, they should point to the same date and time. | ||
##### partitioned | ||
Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#section-2.1) | ||
attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the | ||
`Partitioned` attribute is not set. | ||
⚠️ **Warning:** [This is an attribute that has not yet been fully standardized](https://github.com/fastify/fastify-cookie/pull/261#issuecomment-1803234334), and may change in the future without reflecting the semver versioning. This also means many clients may ignore the attribute until they understand it. | ||
More information about can be found in [the proposal](https://github.com/privacycg/CHIPS). | ||
##### path | ||
Specifies the value for the [`Path` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.4). By default, the path | ||
is considered the ["default path"](https://datatracker.ietf.org/doc/html/rfc6265#section-5.1.4). | ||
##### sameSite | ||
Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7). | ||
- `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement. | ||
- `false` will not set the `SameSite` attribute. | ||
- `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement. | ||
- `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie. | ||
- `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement. | ||
More information about the different enforcement levels can be found in | ||
[the specification](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7). | ||
**Note:** This is an attribute that has not yet been fully standardized, and may change in the future. | ||
This also means many clients may ignore this attribute until they understand it. | ||
##### secure | ||
Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.5). When truthy, | ||
the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set. | ||
**Note:** be careful when setting this to `true`, as compliant clients will not send the cookie back to | ||
the server in the future if the browser does not have an HTTPS connection. | ||
## API | ||
@@ -84,0 +166,0 @@ |
@@ -11,3 +11,3 @@ 'use strict' | ||
const base64PaddingRE = /=/g | ||
const base64PaddingRE = /=/gu | ||
@@ -14,0 +14,0 @@ function Signer (secrets, algorithm = 'sha256') { |
@@ -95,2 +95,42 @@ 'use strict' | ||
test('should set multiple cookies', (t) => { | ||
t.plan(12) | ||
const fastify = Fastify() | ||
fastify.register(plugin) | ||
fastify.get('/', (req, reply) => { | ||
reply | ||
.setCookie('foo', 'foo') | ||
.cookie('bar', 'test', { | ||
partitioned: true | ||
}) | ||
.setCookie('wee', 'woo', { | ||
partitioned: true, | ||
secure: true | ||
}) | ||
.send({ hello: 'world' }) | ||
}) | ||
fastify.inject({ | ||
method: 'GET', | ||
url: '/' | ||
}, (err, res) => { | ||
t.error(err) | ||
t.equal(res.statusCode, 200) | ||
t.same(JSON.parse(res.body), { hello: 'world' }) | ||
const cookies = res.cookies | ||
t.equal(cookies.length, 3) | ||
t.equal(cookies[0].name, 'foo') | ||
t.equal(cookies[0].value, 'foo') | ||
t.equal(cookies[1].name, 'bar') | ||
t.equal(cookies[1].value, 'test') | ||
t.equal(cookies[2].name, 'wee') | ||
t.equal(cookies[2].value, 'woo') | ||
t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned') | ||
t.equal(res.headers['set-cookie'][2], 'wee=woo; Secure; Partitioned') | ||
}) | ||
}) | ||
test('cookies get set correctly with millisecond dates', (t) => { | ||
@@ -97,0 +137,0 @@ t.plan(8) |
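Review bot: The assertion `t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned')` pins a `Partitioned` cookie without `Secure`, a combination that, as I read the CHIPS proposal linked from the README, browsers implementing it are expected to reject. If serializing it unchanged is the intended contract, say so in the test with a comment like `// Partitioned is serialized as given; the plugin neither adds nor requires Secure`, so nobody takes this case as a recommended configuration. The title also repeats the generic 'should set multiple cookies' and does not name the attribute it covers; `test('should set multiple cookies with partitioned attribute', (t) => {` would be clearer.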
@@ -128,5 +128,5 @@ /// <reference types='node' /> | ||
maxAge?: number; | ||
partitioned?: boolean; | ||
/** The `Path` attribute. Defaults to `/` (the root path). */ | ||
path?: string; | ||
priority?: "low" | "medium" | "high"; | ||
/** A `boolean` or one of the `SameSite` string attributes. E.g.: `lax`, `none` or `strict`. */ | ||
@@ -133,0 +133,0 @@ sameSite?: 'lax' | 'none' | 'strict' | boolean; |
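Review bot: `partitioned?: boolean;` has no doc comment while the neighbouring `path` and `sameSite` options do, and this is the one option the README flags as not yet standardized. I would add `/** The Partitioned attribute. Not yet fully standardized; clients may ignore it. */` directly above it. `priority` sits in the same position and could get a one-line description as well. The interface these members belong to starts and ends outside this section.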
@@ -175,2 +175,3 @@ import cookie from '..'; | ||
signed: true, | ||
partitioned: false, | ||
}; | ||
@@ -177,0 +178,0 @@ expectType<fastifyCookieStar.CookieSerializeOptions>(parseOptions); |
+ Added cookie-signature@^1.1.0
+ Added cookie-signature@1.2.1 (transitive)
- Removed cookie@^0.5.0
- Removed cookie@0.5.0 (transitive)