You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -36,15 +36,13 @@ const cookies = cookie.parse("foo=bar; equation=E%3Dmc%5E2");
36
36
37
37
##### decode
38
38
39
-
Specifies a function that will be used to decode a cookie's value. Since the value of a cookie
40
-
has a limited character set (and must be a simple string), this function can be used to decode
39
+
Specifies a function that will be used to decode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
40
+
Since the value of a cookie has a limited character set (and must be a simple string), this function can be used to decode
41
41
a previously-encoded cookie value into a JavaScript string.
42
42
43
-
The default function is the global `decodeURIComponent`, which will decode any URL-encoded
44
-
sequences into their byte representations.
45
-
46
-
If an error is thrown from this function, the original, non-decoded cookie value will
47
-
be returned as the cookie's value.
43
+
The default function is the global `decodeURIComponent`, wrapped in a `try..catch`. If an error
44
+
is thrown it will return the cookie's original value. If you provide your own encode/decode
45
+
scheme you must ensure errors are appropriately handled.
Specifies a function that will be used to encode a cookie's value. Since value of a cookie
67
-
has a limited character set (and must be a simple string), this function can be used to encode
68
-
a value into a string suited for a cookie's value.
64
+
Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
65
+
Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
66
+
a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
69
67
70
-
The default function is the global `encodeURIComponent`, which will encode a JavaScript string
71
-
into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range.
68
+
The default function is the global `encodeURIComponent`.
72
69
73
70
##### maxAge
74
71
75
72
Specifies the `number` (in seconds) to be the value for the [`Max-Age``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
76
-
The given number will be converted to an integer by rounding down. By default, no maximum age is set.
77
73
78
74
The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
79
75
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
@@ -82,8 +78,7 @@ so if both are set, they should point to the same date and time.
82
78
##### expires
83
79
84
80
Specifies the `Date` object to be the value for the [`Expires``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
85
-
By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
86
-
will delete it on a condition like exiting a web browser application.
81
+
When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
87
82
88
83
The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
89
84
`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
@@ -92,49 +87,41 @@ so if both are set, they should point to the same date and time.
92
87
##### domain
93
88
94
89
Specifies the value for the [`Domain``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
95
-
By default, no domain is set, and most clients will consider the cookie to apply to only the current domain.
90
+
When no domain is setclients consider the cookie to apply to the current domain only.
96
91
97
92
##### path
98
93
99
-
Specifies the value for the [`Path``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4). By default, the path
100
-
is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
94
+
Specifies the value for the [`Path``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
95
+
When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
101
96
102
97
##### httpOnly
103
98
104
-
Specifies the `boolean` value for the [`HttpOnly``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6). When truthy,
105
-
the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
106
-
107
-
Be careful when setting this to `true`, as compliant clients will not allow client-side
108
-
JavaScript to see the cookie in `document.cookie`.
99
+
Enables the [`HttpOnly``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
100
+
When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
109
101
110
102
##### secure
111
103
112
-
Specifies the `boolean` value for the [`Secure``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5). When truthy,
113
-
the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
114
-
115
-
Be careful when setting this to `true`, as compliant clients will not send the cookie back to
116
-
the server in the future if the browser does not have an HTTPS connection.
104
+
Enables the [`Secure``Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
105
+
When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
117
106
118
107
##### partitioned
119
108
120
-
Specifies the `boolean` value for the [`Partitioned``Set-Cookie`](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/)
121
-
attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
122
-
`Partitioned` attribute is not set.
109
+
Enables the [`Partitioned``Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
110
+
When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
123
111
124
112
This is an attribute that has not yet been fully standardized, and may change in the future.
125
-
This also means many clients may ignore this attribute until they understand it. More information
113
+
This also means clients may ignore this attribute until they understand it. More information
126
114
about can be found in [the proposal](https://github.com/privacycg/CHIPS).
127
115
128
116
##### priority
129
117
130
-
Specifies the `string` to be the value for the [`Priority``Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
118
+
Specifies the value for the [`Priority``Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
131
119
132
120
-`'low'` will set the `Priority` attribute to `Low`.
133
121
-`'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
134
122
-`'high'` will set the `Priority` attribute to `High`.
135
123
136
-
More information about the different priority levels can be found in
More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
138
125
139
126
##### sameSite
140
127
@@ -145,8 +132,7 @@ Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ie
145
132
-`'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
146
133
-`'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
147
134
148
-
More information about the different enforcement levels can be found in
More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
* Specifies a function that will be used to decode a cookie's value. Since
75
-
* the value of a cookie has a limited character set (and must be a simple
76
-
* string), this function can be used to decode a previously-encoded cookie
77
-
* value into a JavaScript string.
74
+
* Specifies a function that will be used to decode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
75
+
* Since the value of a cookie has a limited character set (and must be a simple string), this function can be used to decode
76
+
* a previously-encoded cookie value into a JavaScript string.
78
77
*
79
-
* Note: if an error is thrown from this function, the original, non-decoded
80
-
* cookie value will be returned as the cookie's value.
78
+
* The default function is the global `decodeURIComponent`, wrapped in a `try..catch`. If an error
79
+
* is thrown it will return the cookie's original value. If you provide your own encode/decode
80
+
* scheme you must ensure errors are appropriately handled.
* Specifies a function that will be used to encode a cookie's value. Since
159
-
* value of a cookie has a limited character set (and must be a simple string),
160
-
* this function can be used to encode a value into a string suited for a cookie's value.
158
+
* Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
159
+
* Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
160
+
* a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
161
161
*
162
162
* @default encodeURIComponent
163
163
*/
164
164
encode?: (str: string)=>string;
165
165
/**
166
166
* Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
167
-
* The given number will be converted to an integer by rounding down. By default, no maximum age is set.
168
167
*
169
168
* The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
170
169
* `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
* Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
176
-
* By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
177
-
* will delete it on a condition like exiting a web browser application.
175
+
* When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
178
176
*
179
177
* The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
180
178
* `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
* Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
186
-
* By default, no domain is set, and most clients will consider the cookie to apply to only the current domain.
184
+
* When no domain is setclients consider the cookie to apply to the current domain only.
187
185
*/
188
186
domain?: string;
189
187
/**
190
-
* Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4). By default, the path
191
-
* is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
188
+
* Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
189
+
* When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
192
190
*/
193
191
path?: string;
194
192
/**
195
-
* Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy,
196
-
* the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
197
-
*
198
-
* Be careful when setting this to `true`, as compliant clients will not allow client-side
199
-
* JavaScript to see the cookie in `document.cookie`.
193
+
* Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
194
+
* When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
200
195
*/
201
196
httpOnly?: boolean;
202
197
/**
203
-
* Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5). When truthy,
204
-
* the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
205
-
*
206
-
* Be careful when setting this to `true`, as compliant clients will not send the cookie back to
207
-
* the server in the future if the browser does not have an HTTPS connection.
198
+
* Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
199
+
* When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
208
200
*/
209
201
secure?: boolean;
210
202
/**
211
-
* Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/)
212
-
* attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
213
-
* `Partitioned` attribute is not set.
203
+
* Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
204
+
* When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
214
205
*
215
206
* This is an attribute that has not yet been fully standardized, and may change in the future.
216
-
* This also means many clients may ignore this attribute until they understand it. More information
207
+
* This also means clients may ignore this attribute until they understand it. More information
217
208
* about can be found in [the proposal](https://github.com/privacycg/CHIPS).
* More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
* More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
0 commit comments