You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* fix: support cookie v2.x
v2 removed the / exports in favour of
/, which broke every route that
sets or reads a cookie (all requests returned 500).
- adapt to the new cookie@2 API while keeping the historic
/ signatures
for @fastify/cookie's own public API (fastify.parseCookie,
fastify.serializeCookie, module.exports.parse/serialize)
- bump the dependency to ^2.0.0
- fix README links that pointed to now-outdated v1 anchors
* refactor: update index.js
Copy file name to clipboardExpand all lines: README.md
+25-19Lines changed: 25 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,11 +14,13 @@ upon this plugin's actions.
14
14
It is also possible to [import the low-level cookie parsing and serialization functions](#importing-serialize-and-parse).
15
15
16
16
## Install
17
+
17
18
```sh
18
19
npm i @fastify/cookie
19
20
```
20
21
21
22
### Compatibility
23
+
22
24
| Plugin version | Fastify version |
23
25
| ---------------|-----------------|
24
26
|`>=10.x`|`^5.x`|
@@ -162,14 +164,13 @@ attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not.
162
164
163
165
More information about this can be found in [the proposal](https://github.com/privacycg/CHIPS).
164
166
165
-
166
167
##### priority
167
168
168
169
Specifies the `string` to be the value for the [`Priority``Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/draft-west-cookie-priority-00#section-4.1).
169
170
170
-
-`'low'` will set the `Priority` attribute to `Low`.
171
-
-`'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
172
-
-`'high'` will set the `Priority` attribute to `High`.
171
+
-`'low'` will set the `Priority` attribute to `Low`.
172
+
-`'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
173
+
-`'high'` will set the `Priority` attribute to `High`.
173
174
174
175
More information about the different priority levels can be found in
@@ -185,11 +186,11 @@ is considered the ["default path"](https://datatracker.ietf.org/doc/html/rfc6265
185
186
186
187
Specifies the `boolean` or `string` to be the value for the [`SameSite``Set-Cookie` attribute](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
187
188
188
-
-`true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
189
-
-`false` will not set the `SameSite` attribute.
190
-
-`'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
191
-
-`'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
192
-
-`'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
189
+
-`true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
190
+
-`false` will not set the `SameSite` attribute.
191
+
-`'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
192
+
-`'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
193
+
-`'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
193
194
194
195
More information about the different enforcement levels can be found in
@@ -214,7 +215,7 @@ as an object named `cookies`. Thus, if a request contains the header
214
215
`Cookie: foo=foo` then, within your handler, `req.cookies.foo` would equal
215
216
`'foo'`.
216
217
217
-
You can pass options to the [cookie parse](https://github.com/jshttp/cookie#cookieparsestr-options) by setting an object named `parseOptions` in the plugin config object.
218
+
You can pass options to the [cookie parse](https://github.com/jshttp/cookie#cookieparsecookiestr-options) by setting an object named `parseOptions` in the plugin config object.
218
219
219
220
### Sending
220
221
@@ -223,11 +224,11 @@ via the Fastify `decorateReply` API. Thus, in a request handler,
223
224
`reply.setCookie('foo', 'foo', {path: '/'})` will set a cookie named `foo`
224
225
with a value of `'foo'` on the cookie path `/`.
225
226
226
-
+`name`: a string name for the cookie to be set
227
-
+`value`: a string value for the cookie
228
-
+`options`: an options object as described in the [cookie serialize][cs] documentation
229
-
+`options.signed`: the cookie should be signed
230
-
+`options.secure`: if set to `true` it will set the Secure-flag. If it is set to `"auto"` Secure-flag is set when the connection is using tls.
227
+
-`name`: a string name for the cookie to be set
228
+
-`value`: a string value for the cookie
229
+
-`options`: an options object as described in the [cookie serialize][cs] documentation
230
+
-`options.signed`: the cookie should be signed
231
+
-`options.secure`: if set to `true` it will set the Secure-flag. If it is set to `"auto"` Secure-flag is set when the connection is using tls.
231
232
232
233
#### Securing the cookie
233
234
@@ -245,8 +246,8 @@ via the Fastify `decorateReply` API. Thus, in a request handler,
245
246
`reply.clearCookie('foo', {path: '/'})` will clear a cookie named `foo`
246
247
on the cookie path `/`.
247
248
248
-
+`name`: a string name for the cookie to be cleared
249
-
+`options`: an options object as described in the [cookie serialize][cs]
249
+
-`name`: a string name for the cookie to be cleared
250
+
-`options`: an options object as described in the [cookie serialize][cs]
250
251
documentation. It is optional to pass an `options` object
251
252
252
253
### Manual cookie parsing
@@ -255,14 +256,16 @@ The method `parseCookie(cookieHeader)` is added to the `fastify` instance
255
256
via the Fastify `decorate` API. Thus, `fastify.parseCookie('sessionId=aYb4uTIhdBXC')`
256
257
will parse the raw cookie header and return an object `{ "sessionId": "aYb4uTIhdBXC" }`.
Key rotation is when an encryption key is retired and replaced by generating a new cryptographic key. To implement rotation, supply an `Array` of keys to `secret` option.
The plugin will **always** use the first key (`key1`) to sign cookies. When parsing incoming cookies, it will iterate over the supplied array to see if any of the available keys are able to decode the given signed cookie. This ensures that any old signed cookies are still valid.
273
276
274
277
Note:
278
+
275
279
- Key rotation is **only** achieved by redeploying the server again with the new `secret` array.
276
280
- Iterating through all secrets is an expensive process, so the rotation list should contain as few keys as possible. Ideally, only the current key and the most recently retired key.
277
281
- Although previously signed cookies are valid even after rotation, cookies should be updated with the new key as soon as possible. See the following example for how to accomplish this.
The `secret` option optionally accepts an object with `sign` and `unsign` functions. This allows for implementing a custom cookie signing mechanism. See the following example:
@@ -117,12 +125,20 @@ function plugin (fastify, options, next) {
117
125
constsecret=options.secret
118
126
consthook=getHook(options.hook)
119
127
if(hook===undefined){
120
-
returnnext(newError('@fastify/cookie: Invalid value provided for the hook-option. You can set the hook-option only to false, \'onRequest\' , \'preParsing\' , \'preValidation\' or \'preHandler\''))
"@fastify/cookie: Invalid value provided for the hook-option. You can set the hook-option only to false, 'onRequest' , 'preParsing' , 'preValidation' or 'preHandler'"
0 commit comments