Skip to content

Commit fc7bb10

Browse files
nzakasnzakas
committed
fix: Remove unused HttpOnly flag for cookies
1 parent fb96bf1 commit fc7bb10

File tree

2 files changed

+3
-18
lines changed

2 files changed

+3
-18
lines changed

docs/src/content/docs/fetch-mockers/mocking-browser-requests.mdx

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -115,13 +115,12 @@ credentials.setCookie({
115115
value: "abc123",
116116
path: "/admin", // defaults to "/"
117117
sameSite: "none", // defaults to "lax"
118-
secure: true, // defaults to false
119-
httpOnly: true // defaults to false
118+
secure: true // defaults to false
120119
});
121120
```
122121

123122
<Aside type="note">
124-
Real cookies also allow you to specify an expiration date but that's not useful for testing purposes and so is not supported.
123+
Real cookies also allow you to specify an expiration date and `HttpOnly` flag, but neither is useful for testing purposes and so are not supported.
125124
</Aside>
126125

127126
<Aside type="caution">

src/cookie-credentials.js

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,6 @@ import { parseUrl } from "./util.js";
2828
* @property {string} [domain] The domain of the cookie.
2929
* @property {string} [path] The path of the cookie.
3030
* @property {boolean} [secure] The secure flag of the cookie.
31-
* @property {boolean} [httpOnly] The HTTP-only flag of the cookie.
3231
* @property {SameSiteType} [sameSite] The SameSite attribute of the cookie.
3332
*/
3433

@@ -106,12 +105,6 @@ class Cookie {
106105
*/
107106
secure;
108107

109-
/**
110-
* The HTTP-only flag of the cookie.
111-
* @type {boolean}
112-
*/
113-
httpOnly;
114-
115108
/**
116109
* The SameSite attribute of the cookie.
117110
* @type {SameSiteType}
@@ -124,9 +117,8 @@ class Cookie {
124117
* @param {string} options.name The name of the cookie.
125118
* @param {string} options.value The value of the cookie.
126119
* @param {string|undefined} options.domain The domain of the cookie.
127-
* @param {string} [options.path=""] The path of the cookie.
120+
* @param {string} [options.path="/"] The path of the cookie.
128121
* @param {boolean} [options.secure=false] The secure flag of the cookie.
129-
* @param {boolean} [options.httpOnly=false] The HTTP-only flag of the cookie.
130122
* @param {SameSiteType} [options.sameSite="lax"] The SameSite attribute of the cookie.
131123
*/
132124
constructor({
@@ -135,7 +127,6 @@ class Cookie {
135127
domain,
136128
path = "/",
137129
secure = false,
138-
httpOnly = false,
139130
sameSite = "lax",
140131
}) {
141132
assertValidDomain(domain);
@@ -155,7 +146,6 @@ class Cookie {
155146
this.domain = /** @type {string} */ (domain);
156147
this.path = path;
157148
this.secure = secure;
158-
this.httpOnly = httpOnly;
159149
this.sameSite = sameSite;
160150
}
161151

@@ -262,10 +252,6 @@ class Cookie {
262252
cookieString += `; Secure`;
263253
}
264254

265-
if (this.httpOnly) {
266-
cookieString += `; HttpOnly`;
267-
}
268-
269255
return cookieString + "]";
270256
}
271257

0 commit comments

Comments
 (0)