-
Notifications
You must be signed in to change notification settings - Fork 27.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.getSetCookie() and .get('set-cookie') methods are both broken on headers() #54033
Comments
Great find, currently blocking a major release for us. Related: nextauthjs/next-auth#7443 (comment) |
Although the HTTP spec says so, the https://fetch.spec.whatwg.org/#dom-headers-get Hence the introduction of As for TypeScript, it's still missing from the official types microsoft/TypeScript#55270 but we can probably extend it via Related: vercel/edge-runtime#536 Also note, To sum it up, it looks like we have to make sure |
Upon some further investigation, it turns out that the only (new) issue here is the missing typings for You are setting response headers in your middleware, and |
So the type is actually out in |
Thanks for looking into it @balazsorban44! |
This closed issue has been automatically locked because it had no new activity for 2 weeks. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you. |
Verify canary release
Provide environment information
Operating System: Platform: darwin Arch: arm64 Version: Darwin Kernel Version 23.0.0: Tue Aug 1 03:25:51 PDT 2023; root:xnu-10002.0.242.0.6~31/RELEASE_ARM64_T6000 Binaries: Node: 20.2.0 npm: 9.8.1 Yarn: N/A pnpm: N/A Relevant Packages: next: 13.4.15 eslint-config-next: 13.4.15 react: 18.2.0 react-dom: 18.2.0 typescript: 5.1.6 Next.js Config: output: N/A
Which area(s) of Next.js are affected? (leave empty if unsure)
App Router, Middleware / Edge (API routes, runtime), TypeScript (plugin, built-in types)
Link to the code that reproduces this issue or a replay of the bug
https://codesandbox.io/p/sandbox/fervent-bird-ylrc3x?file=/app/page.tsx
To Reproduce
headers().get('set-cookie')
in a React Server Component.headers().getSetCookie()
(which can be called, even though its TypeScript definition is missing from Next.js)headers.get('set-cookie')
returns a value (albeit incorrect) for the Set-Cookie header.Describe the Bug
The
headers().get('set-cookie')
method concatenates multiple values into a single comma-separated string, which is incorrect behavior and explicitly violates the HTTP specification:The
headers().getSetCookie()
method returns an empty array whenheaders().get('set-cookie')
does notTypeScript definitions for
headers().getSetCookie()
are missingThis blocks applications from reading cookies that are updated by middleware as part of the same request, which is a common flow for use cases such as token refreshing (see discussions like #50374, #38650)
Expected Behavior
headers().get('set-cookie')
method should not concatenate multiple values into a single comma-separated stringheaders().getSetCookie()
method (spec) should return a non-empty array, containing the separate values of the multipleSet-Cookie
headersWhich browser are you using? (if relevant)
N/A
How are you deploying your application? (if relevant)
N/A
NEXT-1523
The text was updated successfully, but these errors were encountered: