Behavior mismatch: POST request with 302 response fails to redirect and doesn't set cookies
Expected (Cloudflare behavior)
When making a POST request on an endpoint to which the origin server responds with a 302 status code, I expect that my client will receive the 302 status code, proxied through Miniflare, and be redirected accordingly. I also expect the `set-cookie` header on the 302 response sent from the origin server to be present when the response is received by the client.
Actual (Miniflare behavior)
When making a POST request to an endpoint that responds with a 302 status code, Miniflare internally resolves the 302 and returns a 200 status code instead. My client is not redirected to a new URL, and instead the contents of the page I would have been redirected to are served up at the original URL (where I made the POST request). The `set-cookie` response header from the 302 response is absent on the 200 response.
Example
Express server (server.js):
```js
const express = require('express');
const app = express();

// POST handler: set a session cookie, then redirect back to the form
app.post('/redirect', (req, res) => {
  res.cookie('sessionid', 'abc123');
  res.redirect(302, '/');
});

// Page with a form that POSTs to /redirect/
app.get('/', (req, res) => {
  res.end('<html><body><form action="/redirect/" method="POST"><input type="submit" value="Submit"></form></body></html>');
});

app.listen('3000');
```
Miniflare worker (worker.js):
```js
addEventListener('fetch', function(event) {
  event.respondWith(handleRequest(event.request))
})

// Pass the incoming request straight through to the upstream origin
async function handleRequest(request) {
  return fetch(request)
}
```
To run the Express server:
```sh
npm i express
node server.js
```
To run the Miniflare server:
```sh
miniflare worker.js -u http://localhost:3000
```
Hitting the Express server directly:
- Clear your cookies
- Navigate to http://localhost:3000/
- Click the “submit” button
- A POST request will be made to `/redirect/`
- The browser will respond with a 302 status code and you will be redirected back to `/`
- The `sessionid` cookie will now be set
Hitting the Express server, proxied through Miniflare:
- Clear your cookies
- Navigate to http://localhost:8787/
- Click the “submit” button
- A POST request will be made to `/redirect/`
- You will receive a 200 status code, but the browser will not be redirected
- You will see the contents of `/`, but the URL will still be `/redirect/`
- The `sessionid` cookie will not be set
I would expect the behavior to be the same whether proxied through Miniflare or not.
Top GitHub Comments
Hey! 👋 Miniflare `2.0.0` has just been released, which includes this fix. You can find the changes since `2.0.0-rc.5` at the end of the changelog and install it with `npm i miniflare -D`. Please let me know if you have any other issues, and feel free to ask questions in the `#miniflare` channel of the Cloudflare Workers Discord server.

Awesome 👍, thanks for all your responses. That Deno PR was very interesting. I noticed Cloudflare actually sets the `redirect` mode to `"manual"` for incoming requests so we don’t need to do this in `fetch`. I’ve implemented your `opaqueredirect` response unwrapping though, thanks again @vzaramel and @hnrqer for working on this. 😃