From d54fadbd74d9d52f322bd16fe06a4d143e390e94 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Thu, 13 Feb 2025 14:23:35 -0500 Subject: [PATCH] feat: remove read signedCookies and cookies --- index.js | 31 ----------------------------- test/session.js | 53 ++++--------------------------------------------- 2 files changed, 4 insertions(+), 80 deletions(-) diff --git a/index.js b/index.js index d41b2378..df8af0d5 100644 --- a/index.js +++ b/index.js @@ -559,37 +559,6 @@ function getcookie(req, name, secrets) { } } - // back-compat read from cookieParser() signedCookies data - if (!val && req.signedCookies) { - val = req.signedCookies[name]; - - if (val) { - deprecate('cookie should be available in req.headers.cookie'); - } - } - - // back-compat read from cookieParser() cookies data - if (!val && req.cookies) { - raw = req.cookies[name]; - - if (raw) { - if (raw.substr(0, 2) === 's:') { - val = unsigncookie(raw.slice(2), secrets); - - if (val) { - deprecate('cookie should be available in req.headers.cookie'); - } - - if (val === false) { - debug('cookie signature invalid'); - val = undefined; - } - } else { - debug('cookie unsigned') - } - } - } - return val; } diff --git a/test/session.js b/test/session.js index 7bf3e51f..e6170499 100644 --- a/test/session.js +++ b/test/session.js @@ -2310,10 +2310,10 @@ describe('session()', function(){ }) describe('cookieParser()', function () { - it('should read from req.cookies', function(done){ + it('shouldn\'t read from req.cookies', function(done){ var app = express() .use(cookieParser()) - .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() }) + .use(function(req, res, next){ delete req.headers.cookie; next() }) .use(createSession()) .use(function(req, res, next){ req.session.count = req.session.count || 0 
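Review bot: The rewritten `shouldn't read from req.cookies` test passes whenever the second request gets a fresh session, so it would pass just as well if cookie-parser had never populated `req.cookies`. Because the header is now deleted on every request, the test only shows the fallback is gone if the parsed cookie was actually present when the session middleware ran. Recording that in the stripping middleware, e.g. `seen = seen || Boolean(req.cookies['connect.sid']); delete req.headers.cookie; next()`, and asserting `seen` in the final callback would pin it; this assumes `createSession()` keeps the default cookie name, which is not visible here. The same gap applies to the `req.signedCookies` test in the last hunk, where the precondition also depends on the cookie-parser secret matching the session secret. The test body continues past this hunk.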
@@ -2328,56 +2328,11 @@ describe('session()', function(){ request(app) .get('/') .set('Cookie', cookie(res)) - .expect(200, '2', done) - }) - }) - - it('should reject unsigned from req.cookies', function(done){ - var app = express() - .use(cookieParser()) - .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() }) - .use(createSession({ key: 'sessid' })) - .use(function(req, res, next){ - req.session.count = req.session.count || 0 - req.session.count++ - res.end(req.session.count.toString()) - }) - - request(app) - .get('/') - .expect(200, '1', function (err, res) { - if (err) return done(err) - request(app) - .get('/') - .set('Cookie', 'sessid=' + sid(res)) .expect(200, '1', done) }) }) - it('should reject invalid signature from req.cookies', function(done){ - var app = express() - .use(cookieParser()) - .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() }) - .use(createSession({ key: 'sessid' })) - .use(function(req, res, next){ - req.session.count = req.session.count || 0 - req.session.count++ - res.end(req.session.count.toString()) - }) - - request(app) - .get('/') - .expect(200, '1', function (err, res) { - if (err) return done(err) - var val = cookie(res).replace(/...\./, '.') - request(app) - .get('/') - .set('Cookie', val) - .expect(200, '1', done) - }) - }) - - it('should read from req.signedCookies', function(done){ + it('shouldn\'t read from req.signedCookies', function(done){ var app = express() .use(cookieParser('keyboard cat')) .use(function(req, res, next){ delete req.headers.cookie; next() }) @@ -2395,7 +2350,7 @@ describe('session()', function(){ request(app) .get('/') .set('Cookie', cookie(res)) - .expect(200, '2', done) + .expect(200, '1', done) }) }) })
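Review bot: The renamed title in the last hunk escapes an apostrophe inside a single-quoted string, `'shouldn\'t read from req.signedCookies'`, as does the `req.cookies` title in the first test hunk. `'should not read from req.signedCookies'` avoids the escape and keeps the `should …` phrasing used by the other titles in this file. Separately, the preceding hunk removes the only visible cases for an unsigned cookie and a tampered signature; they exercised the deleted fallback, so removing them is consistent. It is still worth confirming that the `req.headers.cookie` path has equivalent rejection tests elsewhere in test/session.js, since none appear in this patch.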