kwhitley/itty-router-extras

If cookie value contains "=", cookie value will be truncated to portion before the first "=" in the value

Closed this issue · 0 comments

I got bitten by this bug earlier today because I'm storing query parameters inside a cookie, i.e Example_Cookie=foo=1&bar=2&baz=3; Path=/; Expires=Fri, 02 Dec 2022 08:50:35 GMT; and what happens when the above is read out using withCookies is I get:

req.cookies
// { Example_Cookie: "foo"}

rather than

req.cookies
// { Example_Cookie: "foo=1&bar=2&baz=3"}

Looking at RFC6265, "=" is a valid character within the value of a cookie, so ideally the parsing behaviour should account for that.

I believe this is likely due to the withCookies implementation using .split("=") which splits on all "=" in the string rather than targeting only the first "=".

.map(pair => pair.split('='))

Package versions:
itty-router: "2.4.5"
itty-router-extras: "0.4.2"

Opening this issue so I can submit a PR that fixes this shortly.