Serverless-offline: cookie parsing is poor emulation of lambda

Created on 4 Apr 2018 · 2 Comments · Source: dherault/serverless-offline

By default hapi parses cookies, but the parser can error on strange cookie values (see https://github.com/hapijs/hapi/issues/2513 for the issue, example bad cookie value: {"eid":12345%2C"email":""%2C"hash":"abcde"%2C"level":"premium"%2C"name":"a%20Premium%20user"%2C"passportid":abcd1234%2C"username":"A%20user"%2C"uuid":"00000000-0000-0000-0000-00000000"%2C"signature":"1234\%2Fabcd\%2abcd="%2C"key":"v1"%2C"refreshed":1522855575})

The above cookie causes a {"statusCode":400,"error":"Bad Request","message":"Invalid cookie value"} response locally using serverless offline, but no such problem in production.

Would setting parse: false in the HAPI options used by serverless-offline provide better emulation of production lambda?
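
To illustrate the mismatch described in this issue, here is an added example (not code from hapi or serverless-offline) that checks a cookie value against the RFC 6265 `cookie-octet` grammar and compares a strict parse with a pass-through parse. It assumes the 400 response comes from characters outside that grammar; the cookie name `session`, the shortened sample value and the function names are constructed for illustration.

```javascript
// RFC 6265 section 4.1.1: cookie-octet excludes control characters,
// whitespace, DQUOTE, comma, semicolon and backslash.
const COOKIE_OCTET = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]$/;

// Constructed sample, shortened from the style of value quoted in the issue.
const SAMPLE_VALUE = '{"eid":12345%2C"level":"premium"%2C"signature":"1234\\%2Fabcd"}';
const SAMPLE_HEADER = 'session=' + SAMPLE_VALUE + '; theme=dark';

// List every character that violates
// cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ).
function findInvalidOctets(value) {
  let start = 0;
  let end = value.length;
  // A value wrapped entirely in one pair of double quotes is allowed.
  if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
    start = 1;
    end -= 1;
  }
  const bad = [];
  for (let i = start; i < end; i++) {
    if (!COOKIE_OCTET.test(value[i])) bad.push({ index: i, char: value[i] });
  }
  return bad;
}

// strict: true  -> reject the request on the first non-conforming value
//                  (response shape copied from the one quoted in the issue).
// strict: false -> hand values to the application untouched (assumed to
//                  model what the handler sees when nothing validates them).
function parseCookieHeader(header, { strict }) {
  const cookies = {};
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue; // ignore fragments without a name=value shape
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    if (strict && findInvalidOctets(value).length > 0) {
      return { statusCode: 400, error: 'Bad Request', message: 'Invalid cookie value' };
    }
    cookies[name] = value;
  }
  return { statusCode: 200, cookies };
}

console.log(findInvalidOctets(SAMPLE_VALUE).map((b) => b.char).join(''));
console.log(parseCookieHeader(SAMPLE_HEADER, { strict: true }).statusCode);
console.log(parseCookieHeader(SAMPLE_HEADER, { strict: false }).statusCode);
```

In pass-through mode the handler receives the raw value, so any decoding or validation of that JSON-like cookie has to happen in application code.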

All 2 comments

I solved this by visiting direct IP address in browser (i.e. 127.0.0.1 instead of localhost)

@scaret this solution is poor because then you run into all sorts of issues when trying to use SSL in development which you can't sign for IP addresses, only for domains. Then you can't use secure cookies for sessions and you're SOL.
