alex1990 / tiny-cookie
A tiny cookie manipulation plugin for the browser.
License: MIT License
I notice that in package.json, the `module` field is the source code of the project. This means that when using a build tool that supports ES6 modules (like webpack), the build tool would directly import the source code, which might cause some problems with UglifyJs.
For example, in webpack, when we use a babel loader, we usually exclude node_modules to improve the build speed, so this means when we import tiny-cookie in webpack, the imported code is still in ES6, and UglifyJs doesn't support ES6.
My suggestion is that we can have another folder (like `lib`); the code should be transpiled to ES5 but stay in ES6 module style.
Sorry for my poor English.
`encoder` parameter of the `set` method as the last one.
`getJSON` and `setJSON` methods.
`get` method supports getting multiple cookie values. For example, `get(['foo', 'bar'])`.
`set` method supports setting multiple cookie pairs. For example, `set({ foo: 'Foo', bar: 'Bar' })`.
The cookie is path aware, so clearing all cookies is impossible with the set path. Besides, this demand rarely comes up in web applications.
For security reasons, it would be nice to be able to set the `SameSite` attribute on a cookie as per:
https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
There is a CookieStore API spec: https://wicg.github.io/cookie-store/.
Hi, when trying to remove a cookie which is marked secure with a specific path, the `removeCookie` function fails because the function ignores the `secure` and `path` options. To get around, the code would have to use `setCookie`
Line 6 in 443b2f8
Causes a critical failure for es6 imports.
diff --git a/tiny-cookie.js b/tiny-cookie.js
index 69541d5..1cd479b 100644
--- a/tiny-cookie.js
+++ b/tiny-cookie.js
@@ -116,7 +116,7 @@
Cookie.get = function(key, raw) {
if (typeof key !== 'string' || !key) return null;
- key = '(?:^|; )' + escapeRe(key) + '(?:=([^;]*?))?(?:;|$)';
+ key = '(?:^|; )' + escapeRe(key) + '(?:=([^;]*))?(?:;|$)';
var reKey = new RegExp(key);
var res = reKey.exec(document.cookie);
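Review bot: The changed pattern line in Cookie.get comes with no test in this diff. Because `[^;]*` cannot consume the `;` that `(?:;|$)` requires, the greedy and lazy forms should capture the same text, and a test covering an empty value (`foo=`), a value followed by another cookie, and the last cookie in the string would pin that down. Separately, `key` is reassigned from the cookie name to the regex source on this line; a separate variable name would make the following `new RegExp(key)` easier to read.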
The asterisk already means 0 or N. Can we remove the question mark?
Since I moved to the latest version, 2.4.0, when I build the project and try to run it in production mode, the site throws this error:
The project is built in SvelteKit.
(node:49975) Warning: To load an ES module, set "type": "module" in the package.json or use the .mjs extension.
(Use node --trace-warnings ... to show where the warning was created)
This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). The promise rejected with the reason:
/Projects/sveltekit-sk/node_modules/tiny-cookie/dist/tiny-cookie.esm.js:168
export { get, getAll, getAll as getAllCookies, get as getCookie, getRaw, getRaw as getRawCookie, isEnabled as isCookieEnabled, isEnabled, remove, remove as removeCookie, set, set as setCookie, setRaw, setRaw as setRawCookie };
`src` for ES2015+ code, `lib` for ES5 code, `dist` for release code.
References
Currently `remove` sets the cookie value to `'a'`, which is confusing and means (among other things) calling `get` afterwards returns a value which isn't expected if you've just removed the cookie.
I can't find anything online indicating that it's a bad idea to set a cookie without a value (it seems that omitting the `=` is being debated, but `foo=;` should be completely valid).
Use `toUTCString()` instead of `toGMTString`.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toGMTString
If you haven't set the `path` option, it will be the current path.
Importing `tiny-cookie` via babel appears to return `undefined` in v2.0.1:
https://gist.github.com/mogelbrod/2b0dc06094fae5ce460889d89bec5c62
`babel-node index.js` outputs `undefined` for me using the setup defined in the gist above.
Installed npm modules:
$ npm list --depth 1
"main" in package.json seems to point to `lib/tiny-cookie.js`, but there is no such file. Is there some reasoning behind this? To get the library to work with browserify, I added the following to my package.json:
"browser": {
  "tiny-cookie": "tiny-cookie/dist/tiny-cookie.js"
},
Actually, JSON encoding and decoding are rarely used with cookies. At least, I never use them. But we can support it with an abstract transformer. `JSON.stringify` and `encodeURIComponent` are both encode transformers; `JSON.parse` and `decodeURIComponent` are both decode transformers. So we can make the code concise and extensible.
See MDN's document: Secure and HttpOnly cookies
Or is this impossible, considering this is a JS lib?
At the moment `setCookie` takes 4 arguments (only 3 of them are documented though).
`encoder` is an optional argument but for some reason, it's not the last one. And it results in inconsistency:
setCookie('key', 'value'); // encoder == encodeURIComponent
but
setCookie('key', 'value', { domain: 'some.domain' }); // encoder == null
So, I would suggest making `encoder` the last argument and also documenting it.
I can create a PR.
I noticed that after upgrading to version 2.0, this package is no longer working in IE 11.
See related issue in uglify: mishoo/UglifyJS#3394
Feature request: would be nice if there was a `/dist/tiny-cookie.umd.js` build.
Thanks!
-Ben
I am unable to remove cookies that have been set with a custom domain using the `remove` function, instead having to call `set` with a negative `expires` value.
One solution would be to allow `options` to be passed to `remove`.
tinyCookie.set('test', '1', {expires: 180, domain: 'custom.tld'}) // exposes cookie on *.custom.tld
tinyCookie.remove('test') // doesn't remove cookie
tinyCookie.set('test', '1', {expires: -1, domain: 'custom.tld'}) // removes cookie
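The scoping behaviour behind the `remove` reports above and the default-path note earlier on the page, as an added example (a constructed model, not tiny-cookie code): a stored cookie is identified by name, domain and path, so a removal write has to repeat the domain and path used when setting. The `CookieJar` class, the host `app.custom.tld` and the page paths are assumptions, and the `Secure` attribute is not modelled.

```javascript
// Constructed model of how a browser stores cookies (not tiny-cookie code).
// A stored cookie is identified by name + domain + path, so an expiring
// write only evicts the entry whose domain and path match.
class CookieJar {
  constructor(host, pathname) {
    this.host = host;          // assumed page host
    this.pathname = pathname;  // assumed current document path
    this.store = new Map();
  }
  // Default path when no path attribute is given: the directory of the
  // current document (RFC 6265, section 5.1.4).
  defaultPath() {
    const i = this.pathname.lastIndexOf('/');
    return i <= 0 ? '/' : this.pathname.slice(0, i);
  }
  // Models `document.cookie = ...`; `expires` is in days, as in the issue.
  write(name, value, { expires, domain, path } = {}) {
    const id = [name, (domain || this.host).replace(/^\./, ''),
                path || this.defaultPath()].join(' | ');
    if (expires !== undefined && expires < 0) this.store.delete(id);
    else this.store.set(id, value);
  }
  ids() { return [...this.store.keys()].sort(); }
}

// Removal that repeats the scoping attributes used when setting.
function removeCookie(jar, name, { domain, path } = {}) {
  jar.write(name, '', { expires: -1, domain, path });
}

function demo() {
  const jar = new CookieJar('app.custom.tld', '/features/foo/index.html');
  const steps = [];
  jar.write('test', '1', { expires: 180, domain: 'custom.tld' });
  jar.write('key', 'v');                      // stored under /features/foo
  removeCookie(jar, 'test');                  // no domain: nothing matches
  steps.push(jar.ids());
  removeCookie(jar, 'test', { domain: 'custom.tld' });
  jar.pathname = '/features/bar/index.html';  // navigate to another page
  jar.write('key', 'v');                      // second copy, /features/bar
  steps.push(jar.ids());
  removeCookie(jar, 'key');                   // evicts the /features/bar copy only
  steps.push(jar.ids());
  removeCookie(jar, 'key', { path: '/features/foo' });
  steps.push(jar.ids());
  return steps;
}
```

Each entry of `demo()` is the jar's contents after one step, so the surviving `test` and `key` entries show which removal writes matched nothing.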
When scanning a site which uses `tiny-cookie` through a service like https://www.onetrust.com/, we see an increased number in the reports of the `@key@`-cookie.
That's because the `@key@`-cookie is set to a relative path (e.g. `/features/foo`, `/features/bar`) instead of a root path `/`.
Lines 4 to 19 in 6fcecdb
Would you be open to a change, where the cookie path is updated to root (`/`)?
The changes would look like this:
- document.cookie = `${key}=${value}`;
+ document.cookie = `${key}=${value}; path=/`;
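Review bot: The added line hard-codes `path=/`, which widens the cookie from the current path to every path on the origin for all callers; making `/` a default that a path option can override would keep path-scoped use possible. Cookies already stored under paths such as /features/foo are separate entries and will not be replaced by the new write, so the old copies remain until they expire unless they are removed with their original path.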