fix: apply the encode callback to empty cookie values#277
Conversation
The encode option is documented to mirror decode and should run for every value, but stringifySetCookie used a truthiness test that skipped it for the empty string, emitting a raw name= instead of the encoded result. This broke encode/decode symmetry for signing and encrypting encoders. Use a null check so empty strings are routed through the encoder while the object-form value: undefined still maps to an empty value. This matches the sibling stringifyCookie helper and cookie@0.7.2, which both always call the encoder.
|
Since the documentation states it should be a string, I think this should always just be |
|
Agreed that always |
|
I'd just fold it into a new major, that's fine by me. No one has mentioned it as an issue and explicitly unsetting a cookie is usually done by passing an empty string as the value, so making it potentially longer isn't much of a plus 🤷 |
|
Fair enough - the empty value is usually an unset, so leaving it unencoded is the lighter default. I will close this in favor of folding it into the next major. Thanks for thinking it through. |
|
Would you like to update this PR or make another? A new major will occur this or next week. |
|
😅 It looks like I didn't realize my types do allow |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #277 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 1 1
Lines 160 193 +33
Branches 69 82 +13
=========================================
+ Hits 160 193 +33 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
The documented
encodeoption is meant to mirrordecodeand apply to every value, so that a custom encoder (signing, encrypting, base64, etc.) round-trips correctly with its matchingdecode.stringifySetCookieinstead used a truthiness test:For an empty-string value this skips the encoder entirely and emits a raw
name=, instead ofname=<encode("")>. That silently breaks encode/decode symmetry whenever the value happens to be empty.The sibling
stringifyCookiehelper always calls the encoder, and so didcookie@0.7.2, so this is also an inconsistency between the two stringify paths.The fix swaps the truthiness check for a null check:
Empty strings are now routed through the encoder, while the object-form
value: undefinedstill maps to an empty value, preserving existing behavior.Added a test that fails before the change and passes after:
Full suite stays green (230 tests).