res.cookie option with sameSite 'none' throws TypeError: option sameSite is invalid at Object.serialize #653
Comments
|
Thanks for reporting this @matjazonline. Could you also share which version of firebase-functions you are using? This does look like a similar issue to the one that you found from Express - however, its not immediately clear to me which package is causing it here. According to that issue, this was fixed in [email protected], which firebase-functions has been using for 10 months now: https://github.com/firebase/firebase-functions/blame/master/package.json#L43 I'm going to do some further testing to see if I can repro this and figure out which package we need to update to stop this error. |
|
Hi Joehan,
I'm using [email protected] and there is also [email protected] in the same
node_modules directory.
…On Wed, 8 Apr 2020 at 19:02, joehan ***@***.***> wrote:
Thanks for reporting this @matjazonline <https://github.com/matjazonline>.
Could you also share which version of firebase-functions you are using?
This does look like a similar issue to the one that you found from Express
- however, its not immediately clear to me which package is causing it
here. According to that issue, this was fixed in ***@***.***, which
firebase-functions has been using for 10 months now:
https://github.com/firebase/firebase-functions/blame/master/package.json#L43
From the debug logs you shared, I think this could be coming from the cors
package. The latest version is 2.8.5, which came out right around when
***@***.*** was released, but we are on 2.8.4, which is 3 years old.
Going to investigate/test further to see if we can fix this by updating
cors to 2.8.5
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#653 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIKMJWOWWWJNWEUACWQJOTRLSU4FANCNFSM4L2HXDTA>
.
|
|
@joehan we also hit this: We have The stack trace how ever matches the lines in older cookie lib version, so for some reason the versions are not honored when deployed to CF? Running with |
|
You can check here: https://github.com/jshttp/cookie/pull/89/files that the lines match cookie lib < 1.4.0 being used in CF. |
|
@matjazonline for the time being, you can write raw cookies (multiple) like this: etc. |
|
Did anyone fix this issue ? |
|
The functions-framework, which I believe the Firebase functions are run on, uses Had similar problems with |
Related issues
I found the issue for Express framework
expressjs/express#3958
and looks it was fixed there.
[REQUIRED] Version info
node: v10.16.3
firebase-tools:
8.0.0.
[REQUIRED] Test case
export const sameSiteCookie = functions.https.onRequest((req, res) => {
cors(req, res, () => {
const expiresIn = 60 * 60 * 24 * 5 * 1000;
const options: any = {
maxAge: expiresIn,
httpOnly: true,
secure: true,
sameSite: 'none',
};
res.cookie('testCKI', 'value123', options);
res.end(JSON.stringify({
data: {
status: 'success'
}
}));
});
});
[REQUIRED] Steps to reproduce
calling the cloud function above
[REQUIRED] Expected behavior
set cookie value to SameSite=Never
[REQUIRED] Actual behavior
TypeError: option sameSite is invalid at Object.serialize (/worker/node_modules/cookie/index.js:174:15) at ServerResponse.res.cookie (/worker/node_modules/express/lib/response.js:853:36) at cors (/srv/lib/index.js:106:13) at cors (/srv/node_modules/cors/lib/index.js:188:7) at /srv/node_modules/cors/lib/index.js:224:17 at originCallback (/srv/node_modules/cors/lib/index.js:214:15) at /srv/node_modules/cors/lib/index.js:219:13 at optionsCallback (/srv/node_modules/cors/lib/index.js:199:9) at corsMiddleware (/srv/node_modules/cors/lib/index.js:204:7) at exports.sessionLogin.functions.https.onRequest (/srv/lib/index.js:98:5)
Were you able to successfully deploy your functions?
no error messages seen
The text was updated successfully, but these errors were encountered: