Handle cross-domain cookies

Open grantila opened this issue 8 years ago • 4 comments

When a server tries to set a cookie with an invalid domain, tough-cookie throws. fetch-h2 should handle this.

grantila, Feb 05 '18 09:02

I just encountered this problem. What should happen here? I can't see anything in the fetch spec about what to do with cross-domain cookies. A quick test in Chrome, loading http://httpbin.org/response-headers?Set-Cookie=foo%3Dbar%3Bdomain%3Dexample.com%3Bmax-age%3D600%3Bpath%3D%2F does not set any cookies on either httpbin.org or example.com.

Would you accept a solution that simply catches and ignores the rejection, here: https://github.com/grantila/fetch-h2/blob/master/lib/fetch-http1.ts#L163?

triblondon, Feb 24 '19 18:02

> What should happen here?

That's the question. Either fail the whole fetch request (I don't think that's right), or ignore only the invalid cookies.

Catching the exception is a good thing which we want, but not if that means losing valid cookies.

I don't know if tough-cookie actually saves valid cookies before throwing; if it does, silently catching the exception is fine. Otherwise I think we might need to parse the cookie(s) and save the valid ones, one by one.

grantila, Feb 25 '19 09:02
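The "save the valid ones, one by one" approach from the comment above, as an added example that is not fetch-h2 or tough-cookie code: every function name is hypothetical, the domain check follows RFC 6265 domain matching only (no public-suffix check), and the sample headers are constructed around the httpbin.org test cookie quoted earlier in the thread.

```javascript
// Added illustration; names are hypothetical, not fetch-h2 or tough-cookie API.

// RFC 6265 section 5.1.3 domain-match: the request host must equal the cookie
// domain, or be a subdomain of it (a subdomain match never applies to IPs).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^[\d.]+$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Parse one Set-Cookie header value. Throws when the name=value pair is
// malformed or the Domain attribute does not cover the request host.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed cookie pair");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key !== "domain" || val === "") continue;
    if (!domainMatches(requestHost, val)) {
      throw new Error(`domain ${val} does not match ${requestHost}`);
    }
    cookie.domain = val.toLowerCase().replace(/^\./, "");
    cookie.hostOnly = false;
  }
  return cookie;
}

// Handle each header independently so one rejection cannot discard the rest.
function storeCookies(headers, requestHost) {
  const stored = [];
  const rejected = [];
  for (const header of headers) {
    try {
      stored.push(parseSetCookie(header, requestHost));
    } catch (err) {
      rejected.push({ header, reason: err.message });
    }
  }
  return { stored, rejected };
}

// Constructed sample: Set-Cookie headers as if received from httpbin.org.
const sampleHeaders = [
  "session=abc123; Path=/; Max-Age=600",
  "foo=bar; Domain=example.com; Max-Age=600; Path=/",
  "pref=dark; Domain=httpbin.org; Path=/",
];
const result = storeCookies(sampleHeaders, "httpbin.org");
console.log(result.stored.map((c) => c.name), result.rejected);
```

Keeping the rejected list lets the caller log which headers were dropped and why, instead of swallowing the error silently.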

My use case in fact doesn't care about saving cookies because I'm making each request in isolation. I also wonder to what extent you need to do this to be compatible with fetch, because isn't the saving of cookies a network-layer concern below the level of fetch? I wonder if you'd consider a slight rearchitecture, so that a cookie store is a plugin, rather than a core behaviour?

triblondon, Feb 25 '19 15:02

HTTP (at least 1) is entirely stateless, and whatever headers are being received are up to the higher layer to deal with, in this case Fetch. I will fix this soon though!

grantila, Feb 27 '19 08:02