Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fetch API corrupts repetitive response headers

See original GitHub issue

Description

The Fetch API misinterprets repetitive response headers, for instance, Set-Cookie header passed separately for each cookie. All values of the header concatenate into a single string unusable for further processing.

Reproduction

fetch('https://github.com/facebook/react-native')
    .then((response) => {
        console.log(response.headers);
        console.log(response.headers.getAll('Set-Cookie'));
    });

Expected result:

{ map: 
	   { date: [ 'Fri, 10 Mar 2017 06:53:22 GMT' ],
	     'content-type': [ 'text/html; charset=utf-8' ],
	     'set-cookie': [
                 '_gh_sess=eyJsYXN0...; path=/; secure; HttpOnly',
                 'user_session=AYIZ4afT...; path=/; expires=Fri, 24 Mar 2017 07:18:28 -0000; secure; HttpOnly'
             ]
           }
}

[
    '_gh_sess=eyJsYXN0...; path=/; secure; HttpOnly',
    'user_session=AYIZ4afT...; path=/; expires=Fri, 24 Mar 2017 07:18:28 -0000; secure; HttpOnly'
]

Actual result:

{ map: 
	   { date: [ 'Fri, 10 Mar 2017 06:53:22 GMT' ],
	     'content-type': [ 'text/html; charset=utf-8' ],
	     'set-cookie': [
                 '_gh_sess=eyJsYXN0...; path=/; secure; HttpOnly, user_session=AYIZ4afT...; path=/; expires=Fri, 24 Mar 2017 07:18:28 -0000; secure; HttpOnly'
             ]
           }
}

[
    '_gh_sess=eyJsYXN0...; path=/; secure; HttpOnly, user_session=AYIZ4afT...; path=/; expires=Fri, 24 Mar 2017 07:18:28 -0000; secure; HttpOnly'
]

Solution

The underlying platform-specific code that implements the Fetch API needs to be fixed.

Additional Information

  • React Native version: 0.42.0
  • Platform: iOS (haven’t tested on Android)
  • Operating System: MacOS

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Reactions:3
  • Comments:7 (1 by maintainers)

github_iconTop GitHub Comments

5reactions
stevefcommented, Apr 5, 2018

This is still an issue and shouldn’t be closed.

2reactions
nfriedlycommented, Jun 8, 2018

TL; DR:

I think React Native is more or less doing things correctly here, but it would be nice if it followed the example of Node.js and special-cased Set-Cookie headers as an array field rather than a combined one and/or provided access to the raw headers.

Long version with citations:

In reading things this morning, and talking to folks behind the Fetch spec, React Native seems to be following the fetch spec correctly, with the exception of allowing access to Set-Cookie headers at all. (And the second exception of including the now-deprecated Headers.getAll() API; but the value-combining behavior is correct for when it was in the spec).

The header combining behavior is allowed (but not required) according to the HTTP RFC, and also mentioned in the cookie RFC:

An origin server may include multiple Set-Cookie headers in a response. Note that an intervening gateway could fold multiple such headers into a single header.

It can be rather difficult to combine a combined Set-Cookie header since, for example, a expires field can contain the same ", " separator that is used to combine multiple headers into one.

The Fetch spec takes things a step further and requires this combining behavior. Fetch folks are aware that it doesn’t work well for cookies but require the behavior anyways since their spec doesn’t allow access to Set-Cookie headers.

So, as I said above, special-casing cookies and/or providing raw header access would be very beneficial here.

Looking at the code, that may be easier said then done…

Also, regarding this:

React Native also appears to discard cookie path (and perhaps domain) when automatically sending Cookie headers based on the previously received Set-Cookie.

I believe this is the correct behavior. Set-Cookie is allowed to contain that stuff, but not Cookie - it just contains name-value pairs as appropriate for the requested path and domain.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to include both a parsed response and ... - Stack Overflow
It makes it very easy to handle both the promise that fetch returns as well as the promise that response.json() returns.
Read more >
Handle Blobs requests with Axios the right way - Medium
The tricky part here is that we need to specify that we are sending FormData in the Request Headers. The response will be...
Read more >
Using the Fetch API - MDN Web Docs
The Fetch API provides a JavaScript interface for accessing and manipulating parts of the protocol, such as requests and responses.
Read more >
HTTP/2: The Sequel is Always Worse | PortSwigger Research
In HTTP/2, those headers are redundant because each message body is composed of data frames which have a built-in length field. This means ......
Read more >
Authoritative guide to CORS (Cross-Origin Resource Sharing ...
GET /widgets/ HTTP/1.1 Host: api.mydomain.com Origin: https://www.mydomain.com [Rest of request...] The server checks the Origin request header.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

FlatList - while list is scrolling/rendering items the JS thread is blocked, onPress are super delayed.

Next page

Android APK crashes after start.