UNPKG

cookie-es

Version:

<!-- automd:badges bundlejs packagephobia codecov -->

github.com/unjs/cookie-es

unjs/cookie-es

265 lines 11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
/** * Parse options. */ interface CookieParseOptions { /** * Specifies a function that will be used to decode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1). * Since the value of a cookie has a limited character set (and must be a simple string), this function can be used to decode * a previously-encoded cookie value into a JavaScript string. * * The default function is the global `decodeURIComponent`, wrapped in a `try..catch`. If an error * is thrown it will return the cookie's original value. If you provide your own encode/decode * scheme you must ensure errors are appropriately handled. * * @default decode */ decode?: (str: string) => string | undefined; /** * Custom function to filter parsing specific keys. */ filter?(key: string): boolean; /** * When enabled, duplicate cookie names will return an array of values * instead of only the first value. */ allowMultiple?: boolean; } /** * Cookies object. */ type Cookies = Record<string, string | undefined>; /** * Cookies object when `allowMultiple` is enabled. */ type MultiCookies = Record<string, string | string[] | undefined>; /** * Stringify options. */ interface CookieStringifyOptions { /** * Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1). * Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode * a value into a string suited for a cookie's value, and should mirror `decode` when parsing. * * @default encodeURIComponent */ encode?: (str: string) => string; /** * Specifies a function that will be used to coerce non-string values to a string. * * @default JSON.stringify */ stringify?: (value: unknown) => string; } /** * Set-Cookie object. */ interface SetCookie { /** * Specifies the name of the cookie. */ name: string; /** * Specifies the string to be the value for the cookie. */ value: string | undefined; /** * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2). * * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, * so if both are set, they should point to the same date and time. */ maxAge?: number; /** * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1). * When no expiration is set, clients consider this a "non-persistent cookie" and delete it when the current session is over. * * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, * so if both are set, they should point to the same date and time. */ expires?: Date; /** * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3). * When no domain is set, clients consider the cookie to apply to the current domain only. */ domain?: string; /** * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4). * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4). */ path?: string; /** * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6). * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`. */ httpOnly?: boolean; /** * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5). * When enabled, clients will only send the cookie back if the browser has an HTTPS connection. */ secure?: boolean; /** * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/). * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches. * * This is an attribute that has not yet been fully standardized, and may change in the future. * This also means clients may ignore this attribute until they understand it. More information * about can be found in [the proposal](https://github.com/privacycg/CHIPS). */ partitioned?: boolean; /** * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1). * * - `'low'` will set the `Priority` attribute to `Low`. * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set. * - `'high'` will set the `Priority` attribute to `High`. * * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1). */ priority?: "low" | "medium" | "high"; /** * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7). * * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement. * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement. * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie. * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement. * * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7). */ sameSite?: boolean | "lax" | "strict" | "none"; } /** * Backward compatibility serialize options. */ type CookieSerializeOptions = CookieStringifyOptions & Omit<SetCookie, "name" | "value">; /** * Parse a `Cookie` header string into an object. * * The object has cookie names as keys and decoded values as values. * First occurrence wins for duplicate names unless `allowMultiple` is set. * * @param str - The `Cookie` header string to parse. * @param options - Parsing options (`decode`, `filter`, `allowMultiple`). * @returns A prototype-less object of cookie name-value pairs. */ declare function parse(str: string, options: CookieParseOptions & { allowMultiple: true; }): MultiCookies; declare function parse(str: string, options?: CookieParseOptions): Cookies; /** * Stringify a cookies object into an HTTP `Cookie` header string. * * @param cookie - An object of cookie name-value pairs. * @param options - Stringify options (`encode`). * @returns A `Cookie` header string (e.g. `"foo=bar; baz=qux"`). */ declare function stringifyCookie(cookie: Cookies, options?: CookieStringifyOptions): string; /** * Serialize a cookie into a `Set-Cookie` header string. * * Accepts either a name-value pair with options or a `SetCookie` object. * Non-string values are coerced to strings. Validates name, value, domain, * and path against RFC 6265bis. * * @example * ```js * serialize("foo", "bar", { httpOnly: true }); * // => "foo=bar; HttpOnly" * * serialize({ name: "foo", value: "bar", secure: true }); * // => "foo=bar; Secure" * ``` */ declare function serialize(cookie: SetCookie, options?: CookieStringifyOptions): string; declare function serialize(name: string, val: unknown, options?: CookieSerializeOptions): string; interface SetCookieParseOptions { /** * Custom decode function to use on cookie values. * * By default, `decodeURIComponent` is used. * * **Note:** If decoding fails, the original (undecoded) value will be used */ decode?: false | ((value: string) => string); } interface SetCookie$1 { /** * Cookie name */ name: string; /** * Cookie value */ value: string; /** * Cookie path */ path?: string | undefined; /** * Absolute expiration date for the cookie */ expires?: Date | undefined; /** * Relative max age of the cookie in seconds from when the client receives it (integer or undefined) * * Note: when using with express's res.cookie() method, multiply maxAge by 1000 to convert to milliseconds */ maxAge?: number | undefined; /** * Domain for the cookie, * May begin with "." to indicate the named domain or any subdomain of it */ domain?: string | undefined; /** * Indicates that this cookie should only be sent over HTTPs */ secure?: boolean | undefined; /** * Indicates that this cookie should not be accessible to client-side JavaScript */ httpOnly?: boolean | undefined; /** * Indicates a cookie ought not to be sent along with cross-site requests */ sameSite?: true | false | "lax" | "strict" | "none" | undefined; /** * Indicates that the cookie should be stored using partitioned storage * * See https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies */ partitioned?: boolean | undefined; /** * Indicates the priority of the cookie * * See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#prioritylow_medium_high */ priority?: "low" | "medium" | "high" | undefined; [key: string]: unknown; } /** * Parse a [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object. * * Returns `undefined` for cookies with forbidden names (prototype pollution protection) * or when both name and value are empty (RFC 6265bis sec 5.7). * * @param str - The `Set-Cookie` header string to parse. * @param options - Parsing options (`decode`). * @returns A `SetCookie` object with all parsed attributes, or `undefined`. */ declare function parseSetCookie(str: string, options?: SetCookieParseOptions): SetCookie$1 | undefined; /** * Split comma-joined `Set-Cookie` header strings into individual cookie strings. * * Correctly handles commas within cookie attributes like `Expires` dates * by checking for `=` after a comma to determine if it's a cookie separator. * * @param cookiesString - A comma-joined `Set-Cookie` string or array of strings. * @returns An array of individual `Set-Cookie` strings. * * @see https://tools.ietf.org/html/rfc2616#section-4.2 */ declare function splitSetCookieString(cookiesString: string | string[]): string[]; export { type CookieParseOptions, type CookieSerializeOptions, type CookieStringifyOptions, type Cookies, type MultiCookies, type SetCookie, type SetCookieParseOptions, parse, parse as parseCookie, parseSetCookie, serialize, serialize as serializeCookie, splitSetCookieString, stringifyCookie };