Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why does setCookie require a URL when a Cookie has its domain and path set? #180

Open
issuefiler opened this issue Jan 1, 2020 · 6 comments
Assignees
Labels
FeatureRequest minor We expect this work to be a minor semver change

Comments

@issuefiler
Copy link

What’s the point? Cookies are filtered out when you do getCookies(url); so really, what is the point?

@awaterma
Copy link
Member

awaterma commented Jan 6, 2020

I think this would make a good enhancement; we do parse the cookie once it's been passed. I'll bring this up for discussion.

@awaterma awaterma added FeatureRequest minor We expect this work to be a minor semver change labels Jan 6, 2020
@dennismphil dennismphil self-assigned this Jan 13, 2020
@GrinZero
Copy link

I think this is stupid. There are all kinds of data in the cookie. Why do I need to pass other parameters? Do setcookie need any additional parameters?

@awaterma
Copy link
Member

Let's try and keep the language in our repository positive, @GrinZero! We explain these standards in our code of conduct here:

https://github.com/salesforce/tough-cookie/blob/30246e6c039f91ca33fab2046ffdf7a2d3d8c33c/CODE_OF_CONDUCT.md#our-standards

Please let me know if you have a pull request or change you would like to submit; we are slowly looking at and working over these issues as time goes on, but would love more help from the community.

@GrinZero
Copy link

GrinZero commented Apr 1, 2022

Sorry, I just want to highlight that this is unreasonable, not to vent my emotions

@awaterma
Copy link
Member

awaterma commented Apr 1, 2022

I'll try and pick up this issue when I can next @GrinZero; I think @dennismphil got busy with other work, and we left this behind. But I agree; our API should be easier to use, and not require redundant information.

@suryavaddiraju
Copy link

suryavaddiraju commented Jun 13, 2024

in tough-cookie these methods require url parameter due to the reasons mentioned below

setCookie

  • The received cookie params need to match with your current working url such whether to accept them or reject them
  • Insecure sites (with http: in the URL) can't set cookies with the Secure attribute
  • A Server can not send cookie out of their domain and restricted to send only within their domain as a value in the cookie. E.g. a server response from google.co.in cannot set domain=google.com in the cookie header. for such that we need to know from which url this cookie header received.

getCookies

  • To know for which url you are requesting the cookies
  • To know whether you are accessing through http or https
  • To also match with subdomains
  • To know for which path you are accessing
  • and so on

For more refer this document
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
FeatureRequest minor We expect this work to be a minor semver change
Projects
None yet
Development

No branches or pull requests

5 participants