Ignore expires and maxAge in res.clearCookie() (#5792)

* add test for removing user provided expires

* rework impl and tests to ignore maxAge, do not set it

this is to take into account the built-in relative expires when passing
a maxAge to res.cookie

I realized that using maxAge to invalidate cookies inherently hit this
relative expires behavior, and the goal of this PR is not to rework
that relative expires behavior w/ maxAge, but to prevent users from
overwriting these values by accident when clearing cookies

* update history.md

* explicitly delete maxAge instead of setting as undefined

* drop the spread, use object.assign

* wording, review comment on history.md

Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com>

* ♻️ use spread, update supported ecmascript version

---------

Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com>
Jon Church 2024-08-02 16:26:45 -04:00 committed by GitHub
parent 160b91cbf7
commit 82fc12a40b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 33 additions and 2 deletions


@ -1,6 +1,6 @@
root: true root: true
env: env:
es6: true es2022: true
node: true node: true
rules: rules:
eol-last: error eol-last: error


@ -4,6 +4,8 @@ unreleased
* `res.status()` accepts only integers, and input must be greater than 99 and less than 1000 * `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
* will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
* will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
* change:
- `res.clearCookie` will ignore user provided `maxAge` and `expires` options
5.0.0-beta.3 / 2024-03-25 5.0.0-beta.3 / 2024-03-25
========================= =========================


@ -707,7 +707,10 @@ res.get = function(field){
*/ */
res.clearCookie = function clearCookie(name, options) { res.clearCookie = function clearCookie(name, options) {
var opts = merge({ expires: new Date(1), path: '/' }, options); // Force cookie expiration by setting expires to the past
const opts = { path: '/', ...options, expires: new Date(1)};
// ensure maxAge is not passed
delete opts.maxAge
return this.cookie(name, '', opts); return this.cookie(name, '', opts);
}; };
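Review bot: The doc comment that closes at `*/` directly above `res.clearCookie` should record the new contract, and since it starts outside the hunk it is not visible whether it does; if not, add a line such as `expires and maxAge in options are ignored; all other options are passed to res.cookie() unchanged`. This matters to callers that clear a session cookie on logout: the forced `Expires` only removes the cookie when the remaining attributes, such as `path` (defaulted to `'/'` here) and `domain`, match the ones it was set with, and those are still taken from the caller as-is. As a style point, `delete opts.maxAge` is the only statement in the function without a terminating semicolon; `delete opts.maxAge;` would match the lines around it.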

View File

@ -32,5 +32,31 @@ describe('res', function(){
.expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT') .expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
.expect(200, done) .expect(200, done)
}) })
it('should ignore maxAge', function(done){
var app = express();
app.use(function(req, res){
res.clearCookie('sid', { path: '/admin', maxAge: 1000 }).end();
});
request(app)
.get('/')
.expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
.expect(200, done)
})
it('should ignore user supplied expires param', function(done){
var app = express();
app.use(function(req, res){
res.clearCookie('sid', { path: '/admin', expires: new Date() }).end();
});
request(app)
.get('/')
.expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
.expect(200, done)
})
}) })
}) })
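Review bot: Neither added test checks that the caller's `options` object is left unmodified after `res.clearCookie` returns, which is the property that makes the `delete opts.maxAge` in the implementation safe. An application that shares one cookie-options object between `res.cookie` and `res.clearCookie` would have the lifetime of later cookies changed silently if a future refactor deleted `maxAge` from the caller's object instead of from a copy. A third case that passes a named options object and inspects it once the response completes would pin this down. The enclosing `describe` blocks start outside the hunk.

```javascript
// … unchanged: 'should ignore user supplied expires param' test …
it('should not mutate the options object', function(done){
  var options = { path: '/admin', maxAge: 1000 };
  var app = express();
  app.use(function(req, res){
    res.clearCookie('sid', options).end();
  });
  request(app)
  .get('/')
  .expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
  .expect(200, function(err){
    if (err) return done(err);
    // the caller's object must still carry the maxAge it was created with
    if (options.maxAge !== 1000) return done(new Error('options was mutated'));
    done();
  })
})
```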