Skip to content

fix: reject unsafe-integer maxAge in stringifySetCookie#286

Open
spokodev wants to merge 1 commit into
jshttp:masterfrom
spokodev:fix/wave5-hunt
Open

fix: reject unsafe-integer maxAge in stringifySetCookie#286
spokodev wants to merge 1 commit into
jshttp:masterfrom
spokodev:fix/wave5-hunt

Conversation

@spokodev

@spokodev spokodev commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

stringifySetCookie guards maxAge with Number.isInteger, but that accepts integers >= 1e21, which String() renders in exponential notation. The result is a Max-Age that breaks the RFC 6265 §5.2.2 grammar (max-age-value = 1*DIGIT):

stringifySetCookie({ name: "foo", value: "bar", maxAge: 1e21 })
// => "foo=bar; Max-Age=1e+21"   (invalid; no compliant parser accepts it)

The guard exists precisely to guarantee a valid header (it already rejects Infinity/NaN/non-integers), so letting these values through defeats its purpose. It also corrupts a parse -> serialize round-trip: Max-Age=<22 digits> is a valid header a server may send, parseSetCookie reads it as 1e21, and re-serializing yields the broken output above.

Switching to Number.isSafeInteger keeps the emitted value a plain integer (safe integers are <= 2^53, well below the exponential threshold) and still accepts every realistic Max-Age. All existing cases (0, -1, 1000, and the Infinity/3.14/non-number throw cases) are unaffected.

Adds a regression test.

Number.isInteger accepts values >= 1e21, which String() renders in
exponential notation (e.g. 1e+21), producing an invalid Max-Age that
violates the RFC 6265 grammar (max-age-value = 1*DIGIT). Use
Number.isSafeInteger so the emitted value is always a plain integer.
@codecov

codecov Bot commented Jul 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4898ba2) to head (64f9cd1).
⚠️ Report is 40 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #286   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines          160       193   +33     
  Branches        69        83   +14     
=========================================
+ Hits           160       193   +33     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant