fix(cookies): Update Undici to 5.20 and fix cookies behaviour (#6323)
* fix(cookies): Update Undici to 5.20 and fix cookies behaviour * chore: changeset
This commit is contained in:
Erika
GitHub
parent
d3df40af2e
commit
5e26bc891c
7 changed files with 28 additions and 43 deletions
7
.changeset/breezy-coats-remember.md
Normal file
7
.changeset/breezy-coats-remember.md
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
'astro': patch
|
||||||
|
'@astrojs/netlify': patch
|
||||||
|
'@astrojs/node': patch
|
||||||
|
---
|
||||||
|
|
||||||
|
Updated Undici to 5.20.0. This fixes a security issue and handling of cookies in certain cases in dev
|
||||||
|
|
@ -188,7 +188,7 @@
|
||||||
"rollup": "^3.9.0",
|
"rollup": "^3.9.0",
|
||||||
"sass": "^1.52.2",
|
"sass": "^1.52.2",
|
||||||
"srcset-parse": "^1.1.0",
|
"srcset-parse": "^1.1.0",
|
||||||
"undici": "^5.14.0",
|
"undici": "^5.20.0",
|
||||||
"unified": "^10.1.2"
|
"unified": "^10.1.2"
|
||||||
},
|
},
|
||||||
"engines": {
|
"engines": {
|
||||||
|
|
|
||||||
|
|
@ -57,12 +57,6 @@ export async function writeWebResponse(res: http.ServerResponse, webResponse: Re
|
||||||
|
|
||||||
const _headers = Object.fromEntries(headers.entries());
|
const _headers = Object.fromEntries(headers.entries());
|
||||||
|
|
||||||
// Undici 5.19.1 includes a `getSetCookie` helper that returns an array of all the `set-cookies` headers.
|
|
||||||
// Previously, `headers.entries()` would already have those merged, but it seems like this isn't the case anymore, weird.
|
|
||||||
if ((headers as any)['getSetCookie']) {
|
|
||||||
_headers['set-cookie'] = (headers as any).getSetCookie();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Attach any set-cookie headers added via Astro.cookies.set()
|
// Attach any set-cookie headers added via Astro.cookies.set()
|
||||||
const setCookieHeaders = Array.from(getSetCookiesFromResponse(webResponse));
|
const setCookieHeaders = Array.from(getSetCookiesFromResponse(webResponse));
|
||||||
if (setCookieHeaders.length) {
|
if (setCookieHeaders.length) {
|
||||||
|
|
|
||||||
|
|
@ -102,34 +102,11 @@ export const createExports = (manifest: SSRManifest, args: Args) => {
|
||||||
isBase64Encoded: responseIsBase64Encoded,
|
isBase64Encoded: responseIsBase64Encoded,
|
||||||
};
|
};
|
||||||
|
|
||||||
// Special-case set-cookie which has to be set an different way :/
|
const cookies = response.headers.get('set-cookie');
|
||||||
// The fetch API does not have a way to get multiples of a single header, but instead concatenates
|
if (cookies) {
|
||||||
// them. There are non-standard ways to do it, and node-fetch gives us headers.raw()
|
fnResponse.multiValueHeaders = {
|
||||||
// See https://github.com/whatwg/fetch/issues/973 for discussion
|
'set-cookie': Array.isArray(cookies) ? cookies : splitCookiesString(cookies),
|
||||||
if (response.headers.has('set-cookie')) {
|
};
|
||||||
if ('raw' in response.headers) {
|
|
||||||
// Node fetch allows you to get the raw headers, which includes multiples of the same type.
|
|
||||||
// This is needed because Set-Cookie *must* be called for each cookie, and can't be
|
|
||||||
// concatenated together.
|
|
||||||
type HeadersWithRaw = Headers & {
|
|
||||||
raw: () => Record<string, string[]>;
|
|
||||||
};
|
|
||||||
|
|
||||||
const rawPacked = (response.headers as HeadersWithRaw).raw();
|
|
||||||
if ('set-cookie' in rawPacked) {
|
|
||||||
fnResponse.multiValueHeaders = {
|
|
||||||
'set-cookie': rawPacked['set-cookie'],
|
|
||||||
};
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
const cookies = response.headers.get('set-cookie');
|
|
||||||
|
|
||||||
if (cookies) {
|
|
||||||
fnResponse.multiValueHeaders = {
|
|
||||||
'set-cookie': Array.isArray(cookies) ? cookies : splitCookiesString(cookies),
|
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Apply cookies set via Astro.cookies.set/delete
|
// Apply cookies set via Astro.cookies.set/delete
|
||||||
|
|
|
||||||
|
|
@ -46,6 +46,6 @@
|
||||||
"cheerio": "^1.0.0-rc.11",
|
"cheerio": "^1.0.0-rc.11",
|
||||||
"mocha": "^9.2.2",
|
"mocha": "^9.2.2",
|
||||||
"node-mocks-http": "^1.11.0",
|
"node-mocks-http": "^1.11.0",
|
||||||
"undici": "^5.14.0"
|
"undici": "^5.20.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@
|
||||||
"dset": "^3.1.2",
|
"dset": "^3.1.2",
|
||||||
"is-docker": "^3.0.0",
|
"is-docker": "^3.0.0",
|
||||||
"is-wsl": "^2.2.0",
|
"is-wsl": "^2.2.0",
|
||||||
"undici": "^5.14.0",
|
"undici": "^5.20.0",
|
||||||
"which-pm-runs": "^1.1.0"
|
"which-pm-runs": "^1.1.0"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
|
|
||||||
|
|
@ -456,7 +456,7 @@ importers:
|
||||||
supports-esm: ^1.0.0
|
supports-esm: ^1.0.0
|
||||||
tsconfig-resolver: ^3.0.1
|
tsconfig-resolver: ^3.0.1
|
||||||
typescript: '*'
|
typescript: '*'
|
||||||
undici: ^5.14.0
|
undici: ^5.20.0
|
||||||
unified: ^10.1.2
|
unified: ^10.1.2
|
||||||
unist-util-visit: ^4.1.0
|
unist-util-visit: ^4.1.0
|
||||||
vfile: ^5.3.2
|
vfile: ^5.3.2
|
||||||
|
|
@ -553,7 +553,7 @@ importers:
|
||||||
rollup: 3.14.0
|
rollup: 3.14.0
|
||||||
sass: 1.58.0
|
sass: 1.58.0
|
||||||
srcset-parse: 1.1.0
|
srcset-parse: 1.1.0
|
||||||
undici: 5.18.0
|
undici: 5.20.0
|
||||||
unified: 10.1.2
|
unified: 10.1.2
|
||||||
|
|
||||||
packages/astro-prism:
|
packages/astro-prism:
|
||||||
|
|
@ -3117,7 +3117,7 @@ importers:
|
||||||
node-mocks-http: ^1.11.0
|
node-mocks-http: ^1.11.0
|
||||||
send: ^0.18.0
|
send: ^0.18.0
|
||||||
server-destroy: ^1.0.1
|
server-destroy: ^1.0.1
|
||||||
undici: ^5.14.0
|
undici: ^5.20.0
|
||||||
dependencies:
|
dependencies:
|
||||||
'@astrojs/webapi': link:../../webapi
|
'@astrojs/webapi': link:../../webapi
|
||||||
send: 0.18.0
|
send: 0.18.0
|
||||||
|
|
@ -3131,7 +3131,7 @@ importers:
|
||||||
cheerio: 1.0.0-rc.12
|
cheerio: 1.0.0-rc.12
|
||||||
mocha: 9.2.2
|
mocha: 9.2.2
|
||||||
node-mocks-http: 1.12.1
|
node-mocks-http: 1.12.1
|
||||||
undici: 5.18.0
|
undici: 5.20.0
|
||||||
|
|
||||||
packages/integrations/node/test/fixtures/api-route:
|
packages/integrations/node/test/fixtures/api-route:
|
||||||
specifiers:
|
specifiers:
|
||||||
|
|
@ -3624,7 +3624,7 @@ importers:
|
||||||
is-docker: ^3.0.0
|
is-docker: ^3.0.0
|
||||||
is-wsl: ^2.2.0
|
is-wsl: ^2.2.0
|
||||||
mocha: ^9.2.2
|
mocha: ^9.2.2
|
||||||
undici: ^5.14.0
|
undici: ^5.20.0
|
||||||
which-pm-runs: ^1.1.0
|
which-pm-runs: ^1.1.0
|
||||||
dependencies:
|
dependencies:
|
||||||
ci-info: 3.7.1
|
ci-info: 3.7.1
|
||||||
|
|
@ -3633,7 +3633,7 @@ importers:
|
||||||
dset: 3.1.2
|
dset: 3.1.2
|
||||||
is-docker: 3.0.0
|
is-docker: 3.0.0
|
||||||
is-wsl: 2.2.0
|
is-wsl: 2.2.0
|
||||||
undici: 5.18.0
|
undici: 5.20.0
|
||||||
which-pm-runs: 1.1.0
|
which-pm-runs: 1.1.0
|
||||||
devDependencies:
|
devDependencies:
|
||||||
'@types/debug': 4.1.7
|
'@types/debug': 4.1.7
|
||||||
|
|
@ -14864,6 +14864,13 @@ packages:
|
||||||
engines: {node: '>=12.18'}
|
engines: {node: '>=12.18'}
|
||||||
dependencies:
|
dependencies:
|
||||||
busboy: 1.6.0
|
busboy: 1.6.0
|
||||||
|
dev: false
|
||||||
|
|
||||||
|
/undici/5.20.0:
|
||||||
|
resolution: {integrity: sha512-J3j60dYzuo6Eevbawwp1sdg16k5Tf768bxYK4TUJRH7cBM4kFCbf3mOnM/0E3vQYXvpxITbbWmBafaDbxLDz3g==}
|
||||||
|
engines: {node: '>=12.18'}
|
||||||
|
dependencies:
|
||||||
|
busboy: 1.6.0
|
||||||
|
|
||||||
/undici/5.9.1:
|
/undici/5.9.1:
|
||||||
resolution: {integrity: sha512-6fB3a+SNnWEm4CJbgo0/CWR8RGcOCQP68SF4X0mxtYTq2VNN8T88NYrWVBAeSX+zb7bny2dx2iYhP3XHi00omg==}
|
resolution: {integrity: sha512-6fB3a+SNnWEm4CJbgo0/CWR8RGcOCQP68SF4X0mxtYTq2VNN8T88NYrWVBAeSX+zb7bny2dx2iYhP3XHi00omg==}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue