Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

can no longer return multiple `set-cookie` headers from endpoints

See original GitHub issue

Describe the bug

In a recent update, probably #3384, the ability to return multiple set-cookie headers from an endpoint seems to have broken. Instead of returning multiple set-cookie headers, it returns just one with cookie values comma-separated (which browsers cannot interpret correctly).

Reproduction

This endpoint:

export function get() {
  return {
    headers: {
      'set-cookie': [
        'accesstoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict',
        'refreshtoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict',
      ]
    }
  }
}

produces the following headers:

set-cookie: accesstoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict, refreshtoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict

but it should produce:

set-cookie: accesstoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict
set-cookie: refreshtoken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure; SameSite=Strict

Logs

No response

System Info

System:
    OS: macOS 12.1
    CPU: (8) arm64 Apple M1
    Memory: 1.71 GB / 16.00 GB
    Shell: 3.2.57 - /bin/bash
  Binaries:
    Node: 17.4.0 - /opt/homebrew/bin/node
    npm: 8.3.1 - /opt/homebrew/bin/npm
  Browsers:
    Chrome: 97.0.4692.99
    Safari: 15.2
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.13 
    @sveltejs/kit: next => 1.0.0-next.235 
    svelte: ^3.44.0 => 3.46.2

Severity

blocking an upgrade

Additional Information

No response

Issue Analytics

State:
Created 2 years ago
Comments:32 (17 by maintainers)

Top GitHub Comments

3reactions

Rich-Harriscommented, Jan 24, 2022

I think that might be because I forgot to add changesets for adapter-node/netlify, meaning they didn’t get rebuilt with the fix. Releasing new versions now

2reactions

isaacfrancocommented, Feb 1, 2022

Thank you @JeanJPNM! I appreciate you pointing this out.

@kamholz earlier said “that doesn’t work because of the issue with the Headers API.” though. So can we use multiple appends with headers?

Yes. You could use multiple appends.

version: 1.0.0-next.252

export async function handle({ event, resolve }) {
    const response = await resolve(event);

    response.headers.append('Set-Cookie', 'handleFoo=foo');
    response.headers.append('Set-Cookie', 'handleBar=bar; HttpOnly=true');

    return response;
}

Top Results From Across the Web

SVELTE set multiple Http cookies in one request headers

you can use response.headers.append(headerName, headerValue) to add a header without overwriting existing ones.

Can't get cookies in Apigee or see them on Trace, help!

Hi,. I need some help with capturing Set-Cookies, please. So, one route sends three Set-Cookies back from the endpoint.

Reply - Fastify

When sending different values as a cookie with set-cookie as the key, every value will be sent as a cookie instead of replacing...

Invoking Lambda function URLs - AWS Documentation

To return cookies from your function, don't manually add set-cookie headers. Instead, include the cookies in your response payload object. Lambda automatically ...

Content-Security-Policy - HTTP - MDN Web Docs

The CSP mechanism allows multiple policies being specified for a resource ... You can use the Content-Security-Policy header more than once, ...