Cookies still getting combined into one header

Question

Cookies still getting combined into one header

stephenh opened this issue 5 years ago · 0 comments

I believe prax is still combining cookie headers. However, I'm confused because it looks like this was supposed to be fixed in #32.

Most of my team uses pow, but I'm using prax, and was having trouble authing against our www.<us>.localhost because my csrf_token cookie was not being set.

When accessing our app directly (w/o prax via the production domain), I get back three set-cookie values when I look in chrome's network tab:

set-cookie: locale=en; domain=www.example.com
set-cookie: csrf_token=...uuid...; domain=.example.com; path=/
set-cookie: auth_token=...jwt...; domain=www.example.com; path=/; secure; HttpOnly

However, when using prax, I get back a single set-cookie cookie header:

set-cookie: locale=en; domain=.example.localhost, csrf_token=...uuid...; domain=.example.localhost; path=/, auth_token=...jwt...; domain=.example.localhost; path=/; HttpOnly

I'm using prax 0.8.1:

$ prax --version
Prax 0.8.1-1 (2018-12-08)

And latest chrome, Version 75.0.3770.100 (Official Build) (64-bit)...

It seems like prax shouldn't be doing this, right? Any ideas?