I have a request with a cookie that has a JSON string as value.
In the statehood module, the cookies are validated (given that strictHeader appears to be true) against the 'internals.validateRx.valueRx.strict' regex:
/^[^\x00-\x20\"\,\;\\\x7F]*$/
Obviously no JSON string will ever validate against this regex.
I fail to see what is going wrong or why... any help would be greatly appreciated.
If you consider this to be an issue with Hapi/statehood instead, please tell me and I will open an issue there.
Thanks!
Anyone...? Should I go ask Hapi guys instead?
I just raised a duplicate (closed now). For the record, here's my description of the problem, with a solution:
By default hapi parses cookies, but the parser can error on strange cookie values (see hapijs/hapi#2513 for the issue, example bad cookie value:
{"eid":12345%2C"email":""%2C"hash":"abcde"%2C"level":"premium"%2C"name":"a%20Premium%20user"%2C"passportid":abcd1234%2C"username":"A%20user"%2C"uuid":"00000000-0000-0000-0000-00000000"%2C"signature":"1234\%2Fabcd\%2abcd="%2C"key":"v1"%2C"refreshed":1522855575})
The above cookie causes a {"statusCode":400,"error":"Bad Request","message":"Invalid cookie value"} response locally using serverless offline, but no such problem in production.
Would setting parse: false in the HAPI options used by serverless-offline provide better emulation of production lambda?
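Added example (not part of the thread, and not statehood or serverless-offline code): it runs the strict regex quoted in the first post over a constructed cookie value shaped like the one above, lists the characters that trigger the "Invalid cookie value" rejection, and shows that the same data passes once the JSON string is percent-encoded before being set. The names offendingChars, check and demo and both sample values are made up for this illustration.

```javascript
// Added example; not statehood or serverless-offline source code.
// STRICT is the regex quoted in the first post of this thread.
const STRICT = /^[^\x00-\x20\"\,\;\\\x7F]*$/;

// Return the distinct characters in a cookie value that the strict rule rejects:
// control characters and space (0x00-0x20), DEL (0x7F), and " , ; \
function offendingChars(value) {
  const bad = new Set();
  for (const ch of value) {
    const code = ch.charCodeAt(0);
    if (code <= 0x20 || code === 0x7f || '",;\\'.includes(ch)) bad.add(ch);
  }
  return [...bad];
}

// Combine the pass/fail verdict with the reason, for logging or debugging.
function check(value) {
  return { valid: STRICT.test(value), offending: offendingChars(value) };
}

// Constructed sample in the shape of the cookie quoted above: the commas are
// percent-encoded, but the double quotes and the backslash are raw.
const rawJson = '{"eid":12345%2C"level":"premium"%2C"signature":"1234\\%2Fabcd="}';

// Constructed sample: the whole JSON string is percent-encoded before it is
// set, so no quote, comma, semicolon, backslash or space reaches the header.
const encoded = encodeURIComponent(JSON.stringify({ eid: 12345, level: 'premium' }));

function demo() {
  return { raw: check(rawJson), encoded: check(encoded) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The reader of the cookie has to reverse the encoding with decodeURIComponent before calling JSON.parse.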
@daniel-cottone I suggested that serverless-offline should set an option parse: false to
a) avoid the hapi issue
b) emulate apigateway more closely
How is this 'not a plugin issue'?
@wheresrhys @FreeWillaert There is no answer in this issue, but you can disable cookie validation by passing along --disableCookieValidation when you run serverless offline.
@petermorlion this doesn't seem to work anymore.
Switching to 127.0.0.1:3000 when testing works but then you can't really use secure cookies as you can't sign a certificate for an IP address.
@michaelbats What version of serverless-offline and hapi are you using? We haven't encountered that yet, but we might still be on an older version.
@petermorlion I'm on the latest currently :( will make a demo later on, for now I have disabled secure cookies in dev and SSL