Comments (4)
Nope, won't fix. The reason is this is a bag of things. Think about this: you want to call req.cookies.doSomething(), well, a user can send you a cookie named doSomething and now your code will throw a type error.
from cookie-parser.
You really do not need to worry about this as it is specific to the application logic and the developer should take these into consideration. Using the null prototype is causing libraries like sugar.js to break, which is a bad thing in terms of basic compatibility with other libraries. I would really appreciate thinking about it again or at least give the option as a parameter or in a separate version?
from cookie-parser.
I'm sorry, it is not up for consideration, because it was changed mainly due to major security vulnerabilities. Changing it back will just cause another CVE and we have to change it back.
Feel free to publish a fork that does not use a null prototype; the code is MIT licensed.
from cookie-parser.
Eventually we are going to change it to use an ES6 Map object, when it is more supported, which is in the opposite direction you want; typically the only issues caused by null prototype are simply unfamiliarity with how JavaScript works, especially not knowing how to use the "call" method. For example:
if (Object.prototype.hasOwnProperty.call(req.cookies, 'key'))
is the correct way to interact with a map, regardless of if it has a null prototype or not (and having a null prototype just calls out bad/incorrect code).
from cookie-parser.
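The behaviour discussed in this thread, as an added example that is not part of the original comments and is not cookie-parser's own code: the same constructed Cookie header is parsed into a plain object and into a null-prototype object, and the lookups are compared. `parseCookieHeader`, `hasOwn`, `compare` and the sample header are hypothetical names and values chosen for illustration.

```javascript
// Borrowed-method lookup: works on any object, with or without a prototype.
function hasOwn(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Minimal cookie-header parser (hypothetical helper, not cookie-parser's code).
// makeJar decides what kind of object holds the parsed name/value pairs.
function parseCookieHeader(header, makeJar) {
  const jar = makeJar();
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1) continue;                        // skip malformed pairs
    const name = pair.slice(0, eq).trim();
    if (name === '' || hasOwn(jar, name)) continue; // first value wins
    jar[name] = pair.slice(eq + 1).trim();
  }
  return jar;
}

// Constructed header: one cookie is named after an Object.prototype method.
const SAMPLE_HEADER = 'session=abc123; hasOwnProperty=1';

function compare(header) {
  const plain = parseCookieHeader(header, () => ({}));
  const bare = parseCookieHeader(header, () => Object.create(null));

  let methodCallThrows = false;
  try {
    // On the plain jar the client-supplied string shadows the inherited method.
    plain.hasOwnProperty('session');
  } catch (err) {
    methodCallThrows = err instanceof TypeError;
  }

  return {
    plainSeesToString: 'toString' in plain,    // inherited key, never sent
    plainToStringType: typeof plain.toString,  // looks like a cookie value
    bareSeesToString: 'toString' in bare,      // only sent cookies exist
    bareToStringType: typeof bare.toString,
    methodCallThrows,
    safeLookupFindsSession: hasOwn(plain, 'session') && hasOwn(bare, 'session'),
    safeLookupFindsToString: hasOwn(plain, 'toString') || hasOwn(bare, 'toString'),
  };
}

console.log(compare(SAMPLE_HEADER));
```

On the plain object, code that reads a cookie the client never sent can receive an inherited function instead of `undefined`; on the null-prototype object only the cookies in the header are visible, and the borrowed `hasOwnProperty.call` check behaves the same on both.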