Skip to content

fix(514): fix compatibility with rack 3 #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
deril wants to merge 3 commits into
base: feature-7.2
Choose a base branch
from
Open

fix(514): fix compatibility with rack 3 #555

deril wants to merge 3 commits into from
+17 −8

Conversation

@deril
Copy link

@deril deril commented May 20, 2025

All PRs:

  • Has tests
  • Documentation updated

fixes #514 by adding compatibility with Rack 3 which doesn't support muplitple headers joined with \n

deril added 2 commits May 20, 2025 12:37
@deril
fix(cookies): fix compatibility with rack 3
945055b 
Do not join cookies with new like if they weren't before
@deril
fix(middleware): ensure headers are wrapped with Rack::Headers
1031d51 
Add `Rack::Headers` wrapping to middleware to
prevent header manipulation issues. Added a test
to verify cookies remain as an array when flagged
if already in array format.
Copilot AI review requested due to automatic review settings May 20, 2025 11:24
Copilot AI reviewed May 20, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes compatibility with Rack 3 by updating the handling of cookie headers, ensuring that cookies passed as either an array or a newline-delimited string are correctly processed.

  • Update test expectations to use newline-delimited strings for cookie headers
  • Modify middleware to handle cookies based on their original type (array vs. string)
  • Add a new test to verify that an array remains an array after processing

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
spec/lib/secure_headers/middleware_spec.rb Updates test cases for handling cookie header formats
lib/secure_headers/middleware.rb Adjusts cookie processing logic for Rack 3 compatibility
Comments suppressed due to low confidence (1)

spec/lib/secure_headers/middleware_spec.rb:86

  • [nitpick] Ensure that this test also covers possible edge cases, such as improper formatting or unexpected delimiters in the cookie header, to provide comprehensive validation of the splitting logic.
cookie_middleware = Middleware.new(lambda { |env| [200, env.merge("Set-Cookie" => "_session=foobar\n_guest=true"), "app"] })

@fletchto99 fletchto99 changed the base branch from main to feature-7.2 December 15, 2025 23:31
@fletchto99 fletchto99 requested a review from a team December 16, 2025 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SecureHeaders middleware erases all cookies in Rack 3 due to \n joining

2 participants

@deril @fletchto99