Skip to content

Commit 301e3cd

Browse files
authored
fix(lambda-http): into_api_gateway_v2_request joins cookies with "; " (#1143)
into_api_gateway_v2_request reconstructs the Cookie header by joining the cookies array from the API Gateway v2 event payload with ";" (no space). This violates RFC 6265 §4.2.1, which mandates "; " (semicolon followed by a space) as the cookie-pair separator. The result is a non-compliant Cookie header that breaks any downstream cookie parser that follows the spec strictly like BetterAuth.
1 parent e397be4 commit 301e3cd

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

lambda-http/src/request.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ fn into_api_gateway_v2_request(ag: ApiGatewayV2httpRequest) -> http::Request<Bod
147147

148148
let mut headers = ag.headers;
149149
if let Some(cookies) = ag.cookies {
150-
if let Ok(header_value) = HeaderValue::from_str(&cookies.join(";")) {
150+
if let Ok(header_value) = HeaderValue::from_str(&cookies.join("; ")) {
151151
headers.insert(http::header::COOKIE, header_value);
152152
}
153153
}
@@ -570,7 +570,7 @@ mod tests {
570570

571571
assert_eq!(req.method(), "POST");
572572
assert_eq!(req.uri(), "https://id.execute-api.us-east-1.amazonaws.com/my/path?parameter1=value1&parameter1=value2&parameter2=value");
573-
assert_eq!(cookie_header, Ok("cookie1=value1;cookie2=value2"));
573+
assert_eq!(cookie_header, Ok("cookie1=value1; cookie2=value2"));
574574

575575
// Ensure this is an APIGWv2 request
576576
let req_context = req.request_context_ref().expect("Request is missing RequestContext");

0 commit comments

Comments
 (0)