-
-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
this.keys but no opts means cookies don't get signed #53
Comments
That seems to make sense, though I'm not sure how easy this will be to fix without including it in the major version bump, because I wonder how many people have the |
Ha was gonna remove that in the next major |
Cool, that was my suspicion. It seems weird that the existence of |
Current behavior is intended :( I wanted the next version to have |
In
Cookie.prototype.set
(https://github.com/expressjs/cookies/blob/2dcb71f130a7eaafd16e71b9af70debe11d4c93f/lib/cookies.js#L69), thesigned
variable is true ifopts.signed
orthis.keys
is truthy. However, the check for whether to sign keys or not also checks ifopts
exists.This means that if
this.keys
is truthy, butopts
is undefined, thesigned
variable will betrue
but the key still won't be signed. My expectation is they key should be signed ifsigned == true
, and it shouldn't depend on the existence ofopts
.The text was updated successfully, but these errors were encountered: