Skip to content

Commit 24e6f5d

Browse files
ci(release): publish latest release
1 parent 46ccc22 commit 24e6f5d

4 files changed

Lines changed: 85 additions & 20 deletions

File tree

RELEASE

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
IPFS hash of the deployment:
2-
- CIDv0: `QmdDx5deWHGDuMypAwMLmaRE34Gxyr6CeyKSLoECMepymr`
3-
- CIDv1: `bafybeig5e7qt2nzdxmxfwobch2bemw724ebwkvfy7mcrv6kr5sxevhaioe`
2+
- CIDv0: `QmcZ2EpEkvWShf9tY3n46zV2aBASUSAHf2872B52oazFDT`
3+
- CIDv1: `bafybeigtf3xbx7aeslzboofkhy5hqoratz3msbl4cojm6pe6itmbprrtyi`
44

55
The latest release is always mirrored at [app.uniswap.org](https://app.uniswap.org).
66

@@ -10,5 +10,5 @@ You can also access the Uniswap Interface from an IPFS gateway.
1010
Your Uniswap settings are never remembered across different URLs.
1111

1212
IPFS gateways:
13-
- https://bafybeig5e7qt2nzdxmxfwobch2bemw724ebwkvfy7mcrv6kr5sxevhaioe.ipfs.dweb.link/
14-
- [ipfs://QmdDx5deWHGDuMypAwMLmaRE34Gxyr6CeyKSLoECMepymr/](ipfs://QmdDx5deWHGDuMypAwMLmaRE34Gxyr6CeyKSLoECMepymr/)
13+
- https://bafybeigtf3xbx7aeslzboofkhy5hqoratz3msbl4cojm6pe6itmbprrtyi.ipfs.dweb.link/
14+
- [ipfs://QmcZ2EpEkvWShf9tY3n46zV2aBASUSAHf2872B52oazFDT/](ipfs://QmcZ2EpEkvWShf9tY3n46zV2aBASUSAHf2872B52oazFDT/)

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
web/5.153.5
1+
web/5.153.6
Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
import { rewriteProxiedCookie, rewriteProxiedCookies } from 'functions/cookie-utils'
2+
3+
describe('rewriteProxiedCookie', () => {
4+
describe('SameSite pass-through', () => {
5+
it('preserves SameSite=None (session cookies minted by platform-service, INC-344)', () => {
6+
const result = rewriteProxiedCookie('x-session-id=abc123; Path=/; Secure; HttpOnly; SameSite=None')
7+
expect(result).toBe('x-session-id=abc123; Path=/; Secure; HttpOnly; SameSite=None')
8+
})
9+
10+
it('preserves SameSite=Lax', () => {
11+
const result = rewriteProxiedCookie('x-device-id=dev456; Path=/; Secure; HttpOnly; SameSite=Lax')
12+
expect(result).toBe('x-device-id=dev456; Path=/; Secure; HttpOnly; SameSite=Lax')
13+
})
14+
15+
it('preserves SameSite=Strict on arbitrary cookies', () => {
16+
const result = rewriteProxiedCookie('other=value; Path=/; Secure; SameSite=Strict')
17+
expect(result).toBe('other=value; Path=/; Secure; SameSite=Strict')
18+
})
19+
20+
it('does not add SameSite when the backend omits it', () => {
21+
const result = rewriteProxiedCookie('other=value; Path=/; Secure')
22+
expect(result).not.toContain('SameSite')
23+
})
24+
})
25+
26+
describe('Domain and prefix stripping', () => {
27+
it('strips Domain and keeps SameSite untouched', () => {
28+
const result = rewriteProxiedCookie('x-session-id=abc123; Domain=.uniswap.org; Path=/; Secure; SameSite=None')
29+
expect(result).not.toContain('Domain')
30+
expect(result).toContain('SameSite=None')
31+
})
32+
33+
it('strips __Secure- prefix without touching other attributes', () => {
34+
const result = rewriteProxiedCookie('__Secure-x-session-id=abc123; Path=/; Secure; SameSite=None')
35+
expect(result).toBe('x-session-id=abc123; Path=/; Secure; SameSite=None')
36+
})
37+
38+
it('strips __Host- prefix and Domain', () => {
39+
const result = rewriteProxiedCookie('__Host-other=value; Domain=.uniswap.org; Path=/; Secure; SameSite=Strict')
40+
expect(result).toBe('other=value; Path=/; Secure; SameSite=Strict')
41+
})
42+
43+
it('leaves a plain cookie without Domain or prefixes unchanged', () => {
44+
const result = rewriteProxiedCookie('other=value')
45+
expect(result).toBe('other=value')
46+
})
47+
})
48+
})
49+
50+
describe('rewriteProxiedCookies', () => {
51+
it('returns the response unchanged when there are no Set-Cookie headers', () => {
52+
const response = new Response('body', { status: 200 })
53+
expect(rewriteProxiedCookies(response)).toBe(response)
54+
})
55+
56+
it('rewrites multiple cookies, preserving each SameSite as sent', () => {
57+
const headers = new Headers()
58+
headers.append('Set-Cookie', 'x-session-id=abc; Domain=.uniswap.org; Path=/; Secure; HttpOnly; SameSite=None')
59+
headers.append('Set-Cookie', 'other=value; Path=/; Secure; SameSite=Strict')
60+
const response = new Response('body', { status: 200, headers })
61+
62+
const rewritten = rewriteProxiedCookies(response)
63+
const cookies = rewritten.headers.getSetCookie()
64+
65+
expect(cookies).toEqual([
66+
'x-session-id=abc; Path=/; Secure; HttpOnly; SameSite=None',
67+
'other=value; Path=/; Secure; SameSite=Strict',
68+
])
69+
})
70+
})

apps/web/functions/cookie-utils.ts

Lines changed: 10 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,12 @@
1515
* Transformations:
1616
* 1. Strips __Host- and __Secure- prefixes from cookie names
1717
* 2. Removes Domain attribute (lets browser default to request origin)
18-
* 3. Ensures SameSite=Lax
19-
* 4. Keeps Secure flag (both Vercel and Cloudflare serve over HTTPS)
18+
*
19+
* SameSite (and every other attribute) passes through untouched — cookie
20+
* policy is owned by entry-gateway/platform-service, not this proxy.
21+
* Platform-service mints session cookies `SameSite=None; Secure` so iframe
22+
* embeds keep their session (INC-344); overriding SameSite here would
23+
* silently undo that in every environment served through this proxy.
2024
*/
2125
export function rewriteProxiedCookie(cookie: string): string {
2226
let rewritten = cookie
@@ -25,25 +29,16 @@ export function rewriteProxiedCookie(cookie: string): string {
2529
// Only touch the name portion (before first '=') to avoid corrupting values.
2630
const nameEndIndex = rewritten.indexOf('=')
2731
if (nameEndIndex > 0) {
28-
const cookieName = rewritten.substring(0, nameEndIndex)
29-
const strippedName = cookieName.replace(/^(__Host-|__Secure-)/, '')
30-
if (strippedName !== cookieName) {
31-
rewritten = strippedName + rewritten.substring(nameEndIndex)
32+
const rawName = rewritten.substring(0, nameEndIndex)
33+
const cookieName = rawName.replace(/^(__Host-|__Secure-)/, '')
34+
if (cookieName !== rawName) {
35+
rewritten = cookieName + rewritten.substring(nameEndIndex)
3236
}
3337
}
3438

3539
// Remove Domain attribute (e.g., Domain=.uniswap.org)
3640
rewritten = rewritten.replace(/Domain=[^;]+;?\s?/gi, '')
3741

38-
// Handle SameSite attribute — ensure Lax
39-
if (rewritten.includes('SameSite=')) {
40-
rewritten = rewritten.replace(/SameSite=\w+/gi, 'SameSite=Lax')
41-
} else if (rewritten.includes('Path=')) {
42-
rewritten = rewritten.replace(/(Path=[^;]+)/, 'SameSite=Lax; $1')
43-
} else {
44-
rewritten = `${rewritten}; SameSite=Lax`
45-
}
46-
4742
return rewritten
4843
}
4944

0 commit comments

Comments
 (0)