Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
, secured = cookie.secure && tls
, isNew = unsignedCookie != req.sessionID;
// only send secure cookies via https
if (cookie.secure && !secured) return debug('not secured');
// browser-session length cookie
if (null == cookie.expires) {
if (!isNew) return debug('already set browser-session cookie');
// compare hashes and ids
} else if (originalHash == hash(req.session) && originalId == req.session.id) {
return debug('unmodified session');
}
var val = 's:' + signature.sign(req.sessionID, secret);
val = cookie.serialize(key, val);
debug('set-cookie %s', val);
res.setHeader('Set-Cookie', val);
});
function setsecret(req, res, sessionKey, val, cookie) {
if (cookie) {
// set secret on cookie
if (cookie.signed) {
var secret = req.secret
if (!secret) {
throw new Error('cookieParser("secret") required for signed cookies')
}
val = 's:' + sign(val, secret)
}
setcookie(res, cookie.key, val, cookie);
} else if (req[sessionKey]) {
// set secret on session
req[sessionKey].csrfSecret = val
} else {
/* istanbul ignore next: should never actually run */
throw new Error('misconfigured csrf')
}
}
res.cookie = function(name, val, options){
options = mixin({}, options);
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
if ('number' == typeof val) val = val.toString();
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) options.path = '/';
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = this.get('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
headerVal = prev.concat(headerVal);
} else {
headerVal = [prev, headerVal];
}
}
res.cookie = function(name, val, options){
options = merge({}, options);
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
if ('number' == typeof val) val = val.toString();
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) options.path = '/';
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = this.get('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
headerVal = prev.concat(headerVal);
} else {
headerVal = [prev, headerVal];
}
}
options = merge({}, options);
var secret = req.secret;
var signed = options.signed;
if (signed && !secret) {
throw new Error('cookieParser("secret") required for signed cookies');
}
if ('number' === typeof val) {
val = val.toString();
}
if ('object' === typeof val) {
val = 'j:' + JSON.stringify(val);
}
if (signed) {
val = 's:' + sign(val, secret);
}
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) {
options.path = '/';
}
var headerVal = cookie.serialize(name, String(val), options);
// supports multiple 'res.cookie' calls by getting previous value
var prev = res.getHeader('Set-Cookie');
if (prev) {
if (Array.isArray(prev)) {
, tls = req.connection.encrypted || (trustProxy && 'https' == proto)
, secured = cookie.secure && tls
, isNew = unsignedCookie != req.sessionID;
// only send secure cookies via https
if (cookie.secure && !secured) return debug('not secured');
// browser-session length cookie
if (null == cookie.expires) {
if (!isNew) return debug('already set browser-session cookie');
// compare hashes and ids
} else if (originalHash == hash(req.session) && originalId == req.session.id) {
return debug('unmodified session');
}
var val = 's:' + signature.sign(req.sessionID, secret);
val = cookie.serialize(key, val);
debug('set-cookie %s', val);
res.setHeader('Set-Cookie', val);
});
res.cookie = function (name, value, options) {
var opts = merge({}, options);
var secret = this.req.secret;
var signed = opts.signed;
if (signed && !secret) {
throw new Error('cookieParser("secret") required for signed cookies');
}
var val = typeof value === 'object'
? 'j:' + JSON.stringify(value)
: String(value);
if (signed) {
val = 's:' + sign(val, secret);
}
if ('maxAge' in opts) {
opts.expires = new Date(Date.now() + opts.maxAge);
opts.maxAge /= 1000;
}
if (opts.path == null) {
opts.path = '/';
}
this.append('Set-Cookie', cookie.serialize(name, String(val), opts));
return this;
};
res.cookie = function(name, val, options){
options = utils.merge({}, options);
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
if ('number' == typeof val) val = val.toString();
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) {
options.expires = new Date(Date.now() + options.maxAge);
options.maxAge /= 1000;
}
if (null == options.path) options.path = '/';
this.set('Set-Cookie', cookie.serialize(name, String(val), options));
return this;
};
export function pack (value: any, secretKey?: string): null | string {
if (value === undefined || value === null) {
return null
}
if (value instanceof Date) {
value = value.toJSON()
} else if (typeof (value) !== 'string') {
value = `j:${JSON.stringify(value)}`
}
/**
* If secret is defined, then sign the cookie
*/
if (secretKey) {
return `s:${cookieSignature.sign(value, secretKey)}`
}
return value
}
res.cookie = function(name, val, options){
options = options || {};
var secret = this.req.secret;
var signed = options.signed;
if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
if (signed) val = 's:' + sign(val, secret);
if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
if (null == options.path) options.path = '/';
this.set('Set-Cookie', cookie.serialize(name, String(val), options));
return this;
};