Comments (13)
djbobbydrake
commented on August 17, 2024
3
Has anyone solved this issue for koa?
from cookies.
atian25
commented on August 17, 2024
2
@fengmk2 it seem this still happen in koa
from cookies.
dougwilson
commented on August 17, 2024
1
This issue, "Allow the developer to send secure cookies no matter what" is already fixed in the version 0.6.0 release. Just set secure: true in your Cookies constructor and then this module will assume the request is secure for setting secure cookie and will not examine the request itself.
from cookies.
jonathanong
commented on August 17, 2024
sounds good to me, though i think devs need some warning. @dougwilson
from cookies.
dougwilson
commented on August 17, 2024
Yea. I am π on changing the module to allow people to shoot themselves in the foot by sending a secure cookie over a potentially non-secure connection, because it just adds a lot of complexity to the module otherwise. I believe there is a way to do this is a backwards-compatible way and provide any necessary warnings :)
TL;DR I'm in favor, so it'll get added in soon.
from cookies.
fengmk2
commented on August 17, 2024
Thanks all.
2014-7-30 δΈε3:45δΊ "Douglas Christopher Wilson" [email protected]ειοΌ
Yea. I am [image: π] on changing the module to allow people to shoot
themselves in the foot by sending a secure cookie over a potentially
non-secure connection, because it just adds a lot of complexity to the
module otherwise. I believe there is a way to do this is a
backwards-compatible way and provide any necessary warnings :)TL;DR I'm in favor, so it'll get added in soon.
β
Reply to this email directly or view it on GitHub
#51 (comment).
from cookies.
RHavar
commented on August 17, 2024
What's the status of this? How is everyone else working around this? It's pretty common to use SaaS providers, like heroku to have an unencrypted connection between their load balancer and your app. As well doing SSL termination in nginx and what not.
from cookies.
dougwilson
commented on August 17, 2024
They are using Express or something else that updates req.protocol based on the reverse proxy.
from cookies.
dougwilson
commented on August 17, 2024
As a side-note, this issue wasn't assigned to me, so I didn't even remember it existed. That's fixed now.
from cookies.
fengmk2
commented on August 17, 2024
me too β¦
from cookies.
tiagocpontesp
commented on August 17, 2024
FYI this isn't working through .set(..., opts), on the latest version.
from cookies.
pecliu
commented on August 17, 2024
FYI this isn't working through
.set(..., opts), on the latest version.
Me too. setting secure: true inctx.cookies.set(..., opts) doesn't work, still throw Cannot send secure cookie over unencrypted connection
from cookies.
dougwilson
commented on August 17, 2024
You need to construct it with the override first: cookies = new Cookies( request, response, { secure: true })
from cookies.
Related Issues (20)
- Getting cookies of a request without having to pass response argument HOT 2
- Set Domain in options is not working HOT 3
- request.connection is deprecated
- set cookie with ";" is broken and the "signed" property returns undefined HOT 2
- Release sameSite = none PR HOT 3
- Storing cookie value + signature in a unified cookie instead of cookie_name.sig HOT 1
- Using this with Http2stream HOT 3
- How to install? HOT 1
- Migrate to travis-ci.com HOT 1
- Support of Sha256 HOT 1
- TypeError: Cannot read property 'encrypted' of undefined HOT 1
- make setHeader compatible with fastify reply (patch included) HOT 2
- Cookie maxAge HOT 1
- Using "signed: ture" will set two cookies? HOT 3
- missing cookie option "Priority" HOT 1
- How to allow multiple domains for CookieOptions.domain
- Get a cookie in 2023 HOT 1
- How to set SameSite attribute for .sig? HOT 1
- Cookies Having Independent Partitioned State (CHIPS, also know as Partitioned cookies) HOT 2
- Cookie overwrite not working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cookies.