Reject responses that have explicit set-cookie
essen opened this issue
This causes confusion otherwise. See #1483 (comment)
We want users to call set_resp_cookie or to manually set the raw resp_cookies value in the Req. A function to do that may be welcome. This is mainly useful for proxies though so not sure how much we should do.
I am looking for issues in Erlang to practice more. Would you say I could pick this one?
Hello @geeksilva97 sorry I had not received an email following your comment, guess it got lost. Yes it would be a good choice. Basically the functions set_resp_header, set_resp_headers, inform, reply, stream_reply and stream_trailers should fail if the headers given in argument contain set-cookie.
Thank you, @essen. Will give it a try, starting tomorrow.
Just a confirmation, @essen . Should I throw an error? If so, are you expecting anything special?
I was naively thinking of something like
set_resp_header(<<"set-cookie">>, _, _) ->
throw({invalid_header_name, <<"set-cookie">>});
Please use something of the form:
exit({response_error, invalid_header,
'The set-cookie header is special and must be set using cowboy_req:set_resp_cookie/3,4.'})
See a40bab8 for a more extensive example.
Thank you. Will do.
Done. Closing, thank you!