madmurphy / cookies.js Goto Github PK

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies

I didn't see the support for HttpOnly, so attempted a PR (#6).

Hi,

I have a case were I use getItem on a cookie that is not compatible with decodeURIComponent().

I should be able to pass a flag to getItem and setItem to avoid the URIComponent conversion.

For example /[\-\.\+\*]/g
Better /[-.+*]/g

For example /^(?:expires|max\-age|path|domain|secure)$/i
Better /^(?:expires|max-age|path|domain|secure)$/I

For example /((?:^|\s*;)[^\=]+)(?=;|$)|^\s*|\s*(?:\=[^;]*)?(?:\1|$)/g
Better /((?:^|\s*;)[^=]+)(?=;|$)|^\s*|\s*(?:=[^;]*)?(?:\1|$)/g

I can't seem to find one.

In case this is not published, what do you think about publishing it?

FireSail#reap4d

Over stocks hordes lease or lean
Shift electronic trades to release values

Originally posted by @Lyricalidy023ust in omarion-sullivan-sci/omarion-matthew-sci.github.io#1

On setItem method, the use of max-age isn't compatible with any version of Internet Explorer, Edge and a lot of Mobile browsers (as sugested by MDN Document.cookie).

Maybe you could alter line 37 with something like this:
sExpires = vEnd === Infinity ? "; expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; expires=" + new Date(new Date().getTime() + vEnd).toUTCString();
that has full browser support.

Thanks a lot.
Best regards.

Looks like the typescript declaration file was created in #4 but there doesn't seem to be any mapping of it in the package.json file, so it doesn't work when importing the library.

There's a 4 kilobyte size limit on any given cookie, anything larger will not be saved by Chomium (and probably most other standards compliant browsers).

Attempting to set a cookie larger than the 4kB limit via docCookies.setItem method will fail, despite the method returning true. I believe false should be returned in this scenario.

I believe docCookies.setItem should be modified to actually validate that the new value exists in the cookiejar before returning true. Hopefully that should also help cover any other odd edge cases where the browser silently rejects the cookie assignment.

Hey @madmurphy

have you considered publishing the package on NPM? Couldn't find any reference for this. This would make it easier to use.

Cheers,
Peter

Hello!
I'd like to contribute, but I don't see any instructions how you minify the code? Do you use tasks from Grunt, Gulp or do you use UglifyJS natively? May be you should publish your configuration file?

#c

I tried it out on this codepen and it doesn't appear to persist. Does it still work? Am I using it wrong?

const count = docCookies.getItem('count') || 0
document.body.innerHTML = count
docCookies.setItem('count', count + 1) 

The new "clear" function doesn't work in IE11 and the loading of the library casues a JS error in the loading time.

Please check the compatibility of the for..of on this page:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for...of
(ECMAScript 2015 (6th Edition, ECMA-262))

There is another way to do this:

  clear: function (sPath, sDomain) {
    var that = this;
    this.keys().forEach(function (sKey) { that.removeItem(sKey, sPath, sDomain); });
  } 

The forEach can be replaced with a simple for loop.

This will be optional in Chrome.

"Cookies marked SameSite=None should also be marked Secure."
https://www.chromestatus.com/feature/5088147346030592

https://stackoverflow.com/questions/1239470/restrictions-of-gpl-on-javascript-libraries

I am not a lawyer. I have talked to lawyers about using the GPL and LGPL for code to be interpreted / dynamically linked into non-free software. We all got big headaches. The question isn't just whether you have to release the rest of your site under GPL. It's whether a non-free browser can legally run GPL code.
My best non-legal advice is to never try to use the GPL on Javascript code. I'd never release a Javascript library under GPL, and if I found some code I wanted to use I'd try to get the author to give me an exception. The LGPL may be a better choice, but that license is so complex I suggest avoiding it as well.
The FSF themselves have an answer for you in their FAQ If a programming language interpreter has a license that is incompatible with the GPL, can I run GPL-covered programs on it?. That answer itself is frustratingly ambiguous, but it suggests paths where you could run GPL code in a non-GPL browser. You may also find the FSF essay The Javascript Trap interesting, although again it doesn't really give a clear answer to your question.
For context, it helps to remember that the GPL and LPGL were written in the Unix era when most everything was statically linked. No dynamic linking, no interpreted languages where the scripts themselves were considered valuable intellectual property, etc.

You have distributed the JavaScript library to the user; you are required to comply with the GPL's requirements on distribution then. Whether this requires you to distribute the rest of the website is where things get complicated - I'd advise you to talk with a competent lawyer about your exact situation if you're even thinking about going that route, and keep in mind that this is at least violating the spirit of the licence, whether or not it violates the letter of the license as well.

emphasis mine

This a great library. Thanks for creating this. Do you mind dual-licensing this under MIT also, or changing to an MIT license?

https://opensource.org/licenses/MIT

I would like to use this on a few projects that I am working on, however we aren't allowed to use GPL software, for whatever reason. Unfortunately, I don't have control over that decision.

Thanks for your help!