Description
Bug Report
Current behavior
When using the edge-runtime package with the code below, the second cookie auth_2=456 is ignored due to the set-cookie being concatenated.
❗️ Set-Cookie header field-values are sometimes comma joined in one string. This is uncommon, but explicitly allowed - see https://tools.ietf.org/html/rfc2616#section-4.2
import { runServer, EdgeRuntime } from 'edge-runtime'
const runtime = new EdgeRuntime({
initialCode: `
async function handleRequest(request) {
const headers = new Headers([['Set-Cookie', 'auth_1=123; SameSite=Lax; HttpOnly, auth_2=456; SameSite=Lax; HttpOnly']]);
return new Response('Hello world, string cookie!!!', {
headers,
status: 200,
});
}
addEventListener('fetch', (event) => {
event.respondWith(handleRequest(event.request));
});
`,
})
const server = await runServer({ runtime, port: 3333, host: '0.0.0.0' })
console.log(`Listening at ${server.url}`)Expected behavior/code
Let the concatenated cookies be split like this with the splitCookiesString.
Possible solution
The possible solution is that you can use the splitCookiesString (needs to be exported for use) found in the @edge-runtime/cookies package and inserted into the toNodeHeaders of the edge-runtime package like below:
Original Code: https://github.com/vercel/edge-runtime/blob/main/packages/runtime/src/server/create-handler.ts#L117
Suggestion:
// The `toNodeHeaders` function converts headers from the browser format to the Node.js format.
// Here, we modify it to split concatenated Set-Cookie values using `splitCookiesString` from the `@edge-runtime/cookies` package.
function toNodeHeaders(headers?: Headers): NodeHeaders {
const result: NodeHeaders = {}
if (headers) {
for (const [key, value] of headers.entries()) {
result[key] =
key?.toLowerCase() === 'set-cookie' ? splitCookiesString(value) : value
}
}
return result
}Additional context/screenshots
I can work on that if it makes sense for the package. 😉