Multiple cookies in Set-Cookie header at one response

Question

Multiple cookies in Set-Cookie header at one response

razb-viola opened this issue 7 months ago · comments

Context

After signing in, in the mock server, I want to send both Authorization cookie and CSRFToken cookie - at one response.
In addition, I want it also to be stated down that these two cookies will be saved (in the documentation).

Current Behavior

Only the first cookie in the examples array is sent.

Expected Behavior

Multiple cookies should be registered in the mock server, just like any other real server.
Proper documentation should tell about more than one cookie.

Possible Solution(s)

Ability to define multiple cookies in the same header can be done as follows:

examples: ['Authorization: my cookie value here ....', 'CSRFToken: cookie value here']

or,

example: 'Authorization: my cookie here, CSRFToken: my cookie here' // one string

Chelsea Hohmann · Answer 1 · Sat Nov 18 2023 02:01:08 GMT+0800 (China Standard Time)

@razb-viola could you please provide the following:

example spec to reproduce the issue
command used to start up Prism (i.e. prism mock ...)
example request you're sending the mock server to reproduce the issue
response gotten from your sample request
expected response from your sample request

Raz Buchnik · Answer 2 · Tue Nov 21 2023 05:04:12 GMT+0800 (China Standard Time)

@chohmann this is a typical headers response:

responses:
        "201":
          description: Signed in validated successfully
          headers:
            Set-Cookie:
              schema:
                type: string
                example: Authorization=Bearer token; Path=/; HttpOnly

Now how can I set Refresh token cookie as well? in the same response. I can only send one cookie not multiple.

Chelsea Hohmann · Answer 3 · Sat Dec 02 2023 01:14:17 GMT+0800 (China Standard Time)

@razb-viola we really need all of the information asked for in my previous comment before we can really look into this issue.

Could you please provide the following:

FULL example spec to reproduce the issue
command used to start up Prism (i.e. prism mock ...)
example request you're sending the mock server to reproduce the issue
response gotten from your sample request
expected response from your sample request

Raz Buchnik · Answer 4 · Wed Dec 06 2023 05:48:46 GMT+0800 (China Standard Time)

@chohmann you ask things that already mentioned here. Could you please just tell me how to set it work the right way instead?

Kayla Chun · Answer 5 · Sat Dec 09 2023 01:16:20 GMT+0800 (China Standard Time)

@razb-viola I'm sorry, but we are unable to proceed without the information requested from @chohmann above. We will be closing this issue out but feel free to open a new issue when you're able to provide that information.

Raz Buchnik · Answer 6 · Sat Dec 09 2023 05:05:15 GMT+0800 (China Standard Time)

Hi guys I am trying to register 2 cookies in the same response header - what actually happens is that only one cookie is registered (the first one but never the second one).

Lets answer your questions one by one:

FULL example spec to reproduce the issue

command used to start up Prism (i.e. prism mock ...)

example request you're sending the mock server to reproduce the issue

response gotten from your sample request

expected response from your sample request

Answers:

What do you mean by full? my OAS spec is around 3k of lines. I have provided the exact part that is relevant. The part that I am sending the 200 status code response with the Set-Cookie header is just the only needed part, believe me. If it helps, I tried both on OpenApi version 3.0 and 3.1. Both didn't work.
Just as you said, I use: prism mock ./path/to/oas.yaml
The Content-Type header is application/json, but it doesn't matter to mention this, since there is no problem with the request because the first cookie is registered.
A traditional Set-Cookie response header BUT with the value of the first cookie only.
A traditional Set-Cookie header with the value of BOTH cookies.

**

This is the updated spec, with two cookies but only the accessToken will be saved in the browser's cookies:

responses:
        "201":
          description: Signed in validated successfully
          headers:
            Set-Cookie:
              schema:
                type: string
                examples: 
                - accessToken=token; Path=/; HttpOnly // only this will be registered.
                - refreshToken=token; Path=/; HttpOnly

You know what? leave my issue aside and try by yourself. If you able to send 2 cookies on the same response - just tell me how.

I like prism and I would lovely glad to contribute to this repository as well, but please, bare with me, I provided all you need.

Chelsea Hohmann · Answer 7 · Sat Dec 16 2023 01:26:34 GMT+0800 (China Standard Time)

@razb-viola thank you for providing most of the details we asked for. Prism is designed to only return one example value (either the first or whichever you configure in your request using the prefer header). We think in order to achieve what you're looking for, you'd have to combine both cookie values in one example:

responses:
  "201":
    description: Signed in validated successfully
    headers:
      Set-Cookie:
        schema:
          type: string
          examples: 
          - accessToken=token; Path=/; HttpOnly; refreshToken=token; Path=/; HttpOnly

Raz Buchnik · Answer 8 · Tue Dec 19 2023 04:50:43 GMT+0800 (China Standard Time)

I have tried this and it doesn't work. Only the first cookie will be saved.