Unable to set more than one cookie
I'm submitting a ...
I confirm that I
Multiple Set-Cookie headers with different names should be allowed to set with Controller.setHeader() method
Controller.setHeader() method now adds new header to the object with signature:
{ [name: string]: string | undefined }
Which makes impossible to add multiple headers of the same type. But it should be possible, at least for Set-Cookies header RFC6265
Change the signature of headers property in Controller to { [name: string]: string | undefined }[]
Change templates for routes with support for set Multiple headers
Sorry about my lack of knowledge here. Does this only apply to Set-Cookie or are there other headers the server should provide multiple times without folding them?
I've made some investigations about the subject.
This applies at least Set-Cookie header, but definitely there could be few more, especially taking into account mess in the related standards and definitions
Another thing I discovered: Issue can(and probably should) be solved just by allowing Controller.setHeader() method to accept an array of strings but not only strings.
For Express and Koa middleware templates, this wouldn't need any changes. But looks like Hapi.js middleware template should be changed to accept header value as an array of string but not a single string.
Bump, I have this exact same issue. I want to use passport jwt with tsoa which requires me to set both the token and the refreshToken from the login endpoint. i.e.:,
this.setHeader('Set-Cookie', `token=${authToken}; HttpOnly`)
this.setHeader('Set-Cookie', `refreshToken=${refreshToken}; HttpOnly`)
Currently this results in only the refreshToken being set, because there can be only one Set-Cookie header.
I tried to checkout the tsoa code and make relevant changes for a PR, but unfortunately I don't undestrand the code of tsoa well enough to make that change.
@lassemon At least with express, you can actually pass an array of strings to setHeader.
We used it in our project.
You should be able to do :
this.setHeader('Set-Cookie', [`token=${authToken}; HttpOnly`, `refreshToken=${refreshToken}; HttpOnly`]);
Typescript will complain, as theoretically the method accepts string | undefined , but you can add a "typescript ignore comment" for now, such as // @ts-expect-error.
So you would end up with
// @ts-expect-error
this.setHeader('Set-Cookie', [`token=${authToken}; HttpOnly`, `refreshToken=${refreshToken}; HttpOnly`]);
@tsimbalar Yes thank you!!
I was/am indeed using express and the above solution works! This solved my problem for now.
Most helpful comment
I've made some investigations about the subject.
This applies at least
Set-Cookieheader, but definitely there could be few more, especially taking into account mess in the related standards and definitionsAnother thing I discovered: Issue can(and probably should) be solved just by allowing
Controller.setHeader()method to accept an array of strings but not only strings.For Express and Koa middleware templates, this wouldn't need any changes. But looks like Hapi.js middleware template should be changed to accept header value as an array of string but not a single string.