Hi everyone, like many people, I've ended up here.

I am not sure if I should give a try, is this completely stable ?

I have just had a try and configured my entrypoint with :

require('es6-promise').polyfill();
require('isomorphic-fetch');

global.fetch = require('fetch-cookie')(fetch);
global.API_URL = 'http://api-test.com:8080';
global.localStorage = window.localStorage || require('localStorage');

There are no cookie set in the request, it also remove and disable them.

I am doing requests like this:

var fetch = require('fetch-cookie')(require('node-fetch'))
var qs = require('qs')

var headers = {
    'Accept': 'application/json',
    'Accept-Charset': 'utf-8',
    'Keep-Alive': 'true',
    'X-Requested-By': 'hb_android_app',
    'User-Agent': 'Apache-HttpClient/UNAVAILABLE (java 1.4)'
}

// login, set coookies
function login(email, password){
    return fetch('https://www.humblebundle.com/login', {
        method: 'POST',
        credentials: 'include',
        headers: headers,
        body: qs.stringify({
            username: email,
            password: password
        })
    })
    .then(function(res){
        if (res.status !== 200){
            throw new Error('Could not login.')
        }
       // res.headers._headers['set-cookie'].join(';') is cookies.
        return res
    })
}

// get library
function library(){
    return fetch('https://www.humblebundle.com/home/library', {
        credentials: 'include',
        headers: headers
    })
    .then(function(res){
        return res.text()
    })
    .then(function(body){
        // ERR: I get login page because cookies aren't set.
        var m = /var gamekeys =  \[(".+")+\];/.exec(body)
        if (m){
            return JSON.parse('[' + m[0] + ']')
        }
    })
}

// test
login(process.env.HUMBLE_EMAIL, process.env.HUMBLE_PASSWORD)
    .then(library)

and no subsequent requests are using the cookies. I also tried passing an instance of tough-cookie CookieJar as second param to require('fetch-cookie')(). Am I doing something wrong?

I checked the request on Postman that's normal with two cookies but it failed on fetch() with error:
Error: Cookie failed to parse
That's really confused. Any hint will be appreciated.

This package is not compatible with node-fetch version 2.

This causes a bunch of issues:

#22 - Broken using node-fetch v2
#23 - I hit an error: Cookie failed to parse
#17 - Doesn't work if using headers object

The fixes should be minor and I'll try to implement them this week in my fork.

I see window.fetch in source, but tough-cookie is node-only, how would this be used for a client platform (supporting or not cookies)?

It is valid to call fetch with a single argument of type Request. This package does not handle that case.

There isn't any method provided to set/add cookies manually.

It is valid to call fetch with a single argument containing the URL and options together. In this case, fetch-cookie will overwrite the headers. Line 12 should be replaced with the following:

    if (typeof url === 'object') {
      opts = url
      url = opts.url
    } else
      opts = opts || {}

I get this error when i use this library:

Uncaught (in promise) TypeError: res.headers.raw is not a function at fetchCookie (index.js?a60e:41)

@valeriangalliat

I'd like to include the Travis CI I used in my fork to ensure better stability.
If you are okay with it I'd need you to enable it, my access rights are not enough to do that.
In my fork you can find the Travis YAML configuration file.

I just leave this log here, but the type definitions prevent installation in my environment. TS config also included:

➜  fp-ra-client git:(main) ✗ yarn add https://github.com/leehambley/fetch-cookie --ignore-scripts

yarn add v1.22.19
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
info No lockfile found.
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning "ts-standard > @typescript-eslint/[email protected]" has unmet peer dependency "@typescript-eslint/parser@^4.0.0".
[4/4] 🔨  Building fresh packages...
success Saved lockfile.
$ npm run build && npm run type-declarations

> [email protected] build
> esbuild src/*.ts --format=esm --outdir=esm && esbuild src/*.ts --format=cjs --outdir=cjs


  esm/index.js  7.3kb


  cjs/index.js  8.4kb


> [email protected] type-declarations
> tsc --project tsconfig.build.json --declaration --emitDeclarationOnly --outDir esm && cat esm/index.d.ts | sed 's/^export default /export = /' > cjs/index.d.ts

src/index.ts:284:33 - error TS2345: Argument of type '{ (input: RequestInfo, init?: FetchCookieInit<RequestInit> | undefined): Promise<Response>; toughCookie: typeof import("/Users/leehambley/Library/Caches/Yarn/v6/.tmp/c81626f186160b75360efa5a0bd19eb6.f90f607aeb4918327abc84fc675b337482b2abb6.prepare/node_modules/@types/tough-cookie/index"); }' is not assignable to parameter of type '(input: URL | RequestInfo, init?: RequestInit | undefined) => Promise<Response>'.
  Types of parameters 'input' and 'input' are incompatible.
    Type 'URL | RequestInfo' is not assignable to type 'RequestInfo'.
      Type 'URL' is not assignable to type 'RequestInfo'.

284     return await handleRedirect(fetchCookieWrapper, originalInit, response)
                                    ~~~~~~~~~~~~~~~~~~


Found 1 error in src/index.ts:284

error Command failed with exit code 2.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

{
  "compilerOptions": {
    "esModuleInterop": true
  }
}

Hi,

in the node-fetch decorator fetch-cookie/node-fetch the options provided by user are not passed further through redirects, is it intentional? In some authentications (e.g. google) they require to have user-agent in every redirect, otherwise it forwards to inappropriate url. I think this line:

const optsForGet = Object.assign({}, {

should be changed into:

const optsForGet = Object.assign({}, userOptions, {

Br,
hh

Is there any way to clear cookies ?

like

const fetchCookies = ....
fetchCookies.clearAll(); 

or something..?

This test fails: should handle cookies (using custom cookie jar)
Running on be1a07a with fresh project setup.

code:

    this.cookieJar = new tough.CookieJar())
    this.fetchCookie = makeFetchCookie(fetch, this.cookieJar)

"AlteonP=BGqtJSF9EKy4atdnbv0jWQ$$; isTopbarhw=true; JSESSIONID=mvJxypY_yN6dZ6VXIB5GZo_d9rfe8ujRx1Dc_TsVBPvnwlX1Ef68!1873756866; languageId=001; txtReSzTypehw=large; tree1Selected=; tree1State=; userType=2; Requestid=T19AAX%2FjQbRRcWB7Q6dp6CkT9Nsc1U9UjhcSIdQDtSc%3D"

    await this.cookieJar.setCookie(cookie, url)
    let bbb = await this.cookieJar.getCookieString(url)
    console.info(bbb)

 'AlteonP=BGqtJSF9EKy4atdnbv0jWQ$$'

Excuse me, why?

var fetch = require('fetch-cookie/node-fetch')(require('node-fetch'));
fetch('http://google.de', {}).catch(console.error); // works
fetch('http://google.de').catch(console.error); // doesn't work

The latter version throws an error:

TypeError: Cannot read property 'method' of undefined
    at …/node_modules/fetch-cookie/node-fetch.js:8:100
    at process._tickCallback (internal/process/next_tick.js:103:7)

[Tough-cookie] versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.
https://nodesecurity.io/advisories/130

Please upgrade to version 2.3.0 or above 😃

I am making a GET request against https://booking.cineworld.co.uk/booking/8014/82084, which responds with 302 redirect. However, instead of following the redirect, fetch-cookie returns response with the 302 status.

Hello,

One of my projects takes advantage of the Headers() class quite extensively. fetch-cookie tries to modify the instance, resulting in cookies not being sent.

Adjusting line 16 to the following resolves the issue:

                if (opts.headers instanceof Headers) {
                    opts.headers.append("cookie", cookie);
                } else {
                    opts.headers = Object.assign(
                        opts.headers || {},
                        cookie ? { cookie: cookie } : {},
                    );
                }

Should I make a merge request?

The current types in index.d.ts do not allow importing the node-fetch submodule (fetch-cookie/node-fetch)

Additionally, while the module supports custom cookie jar implementations, the types now restrict it to be ONLY the tough-cookie cookie jar implementation, which breaks typescript usage which was previously using a custom cookie jar since the v0.9.0 release.

const tough = require('node-fetch')

should be

const tough = require('tough-cookie');

This is due to redirects happening internally in node-fetch, and not returning to the wrapping fetch-cookie until redirection has ended. There is some discussion on this in the node-fetch issue tracker (See: node-fetch/node-fetch#94). It seems like their solution has been to add the "redirect: 'manual'" option, allowing wrapping libraries such as node-fetch to handle redirects on their own.

This also points to how it could be made to work.

I have two ideas:

1. I could extend fetch-cookie to take advantage of this option. It's certainly doable but it would also make the code less succinct and it would couple the library tightly to node-fetch instead of being a more generic fetch wrapper. Thus, it may pollute the design and goals of fetch-cookie. And, no matter how careful I am, there is always the risk of breaking stuff.
2. I could create a separate project node-fetch-cookie as an additional wrapper. It would require fetch-cookie, and it would take a node-fetch instance in its constructor in the same way that fetch-cookie does. As the name might hint, it could be a drop-in replacement for fetch-cookie, but specifically tailored to wrap node-fetch, and without the cookie-and-redirect issue.

I kind of like the second one better as it seems to be more in line with the "do one thing well" philosophy.

I would, however, appreciate any thoughts on the matter.

Hi, how can I add a specific cookie to the cookie jar?

I'm currently using the wrapper.

const nodeFetch = require('node-fetch');
const fetch = require('fetch-cookie/node-fetch')(nodeFetch); //NODE FETCH 2.6.7 //FETCH-COOKIE 1.00

I'm using puppeteer to login on a website that has a captcha and on successful log in I'm getting that puppeteer browser cookies and wanted to pass it on the cookie jar.

Thank you!

Right now this library supports 301, 302, and 303 redirect and changes the method to GET

There is also a 307 which has the unique property of retaining the method and body, so a POST will be redirected as a POST with the same body and options.

We have an auth server that returns 307s and I have modified the code and it works fine.

• add a condition for 307
• if 307, use the original userOptions with decremented follow instead of optsForGet

In your code follow redirects works fine, but when you imitate following you are forgetting about proxy agent option and custom headers like User-Agent and other.

The redirect implementation does not update the host header if the redirect is to another domain.
This will lead to strange SSL exceptions, when the host header does not match in firefox.

Here's a code sample:
https://repl.it/repls/CheapButteryBudgetrange

Let me know if it works. Click run to run.
Any idea how to fix it?

PING @valeriangalliat

If you're looking for someone to maintain this project I'd be more than happy to step up as I've seen a few issues open from last year without any replies.

I just couldn't find out how to retrieve sent Cookies after a fetch request. Is there a way to do it?

PR 55 added support for HTTP status 307 (temporary redirect with no change of method).
Should all 3XX codes be treated as redirects? Certainly my current favourite,
308 (permanent redirect), should.

Also not recognised:

• 300 Multiple Choices
• 304 Not Modified
• 305 Use Proxy

Something like:

  /**
   * @param url {string|Request}
   * @param opts
   * @returns {Promise<*>}
   */

Hi!

I am attempting to use fetch-cookie in a react native application. I get the following runtime error after I only added the import

Android Bundling failed 1662ms 
While trying to resolve module 'fetch-cookie' from file 'C:\Git\mobski\App.js', 
the package 'C:\Git\mobski\node_modules\fetch-cookie\package.json' was successfully found. 
However, this package itself specifies a 'main' module field that 
could not be resolved ('C:\Git\mobski\node_modules\fetch-cookie\index'. Indeed, none of these files exist:

C:\Git\mobski\node_modules\fetch-cookie\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)
C:\Git\mobski\node_modules\fetch-cookie\index\index(.native|.android.ts|.native.ts|.ts|.android.tsx|.native.tsx|.tsx|.android.js|.native.js|.js|.android.jsx|.native.jsx|.jsx|.android.json|.native.json|.json)

I tried running npm install in node_modules/fetch_cookie and got the following error, but im not sure if this is relevant?

> for format in esm cjs; do esbuild src/*.ts --format=$format --outdir=$format; done

format was unexpected at this time.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] build: `for format in esm cjs; do esbuild src/*.ts --format=$format --outdir=$format; done`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\yoste\AppData\Roaming\npm-cache\_logs\2022-03-15T22_56_22_810Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] prepare: `npm run build && npm run type-declarations`
npm ERR! Exit status 1

package.json looks like this:

{
  "name": "mobski",
  "version": "1.0.0",
  "main": "node_modules/expo/AppEntry.js",
  "scripts": {
    "start": "expo start",
    "android": "expo start --android",
    "ios": "expo start --ios",
    "web": "expo start --web",
    "eject": "expo eject"
  },
  "dependencies": {
    "crypto-js": "3.1.9-1",
    "expo": "~44.0.0",
    "expo-status-bar": "~1.2.0",
    "fetch-cookie": "^2.0.1",
    "node-fetch": "^3.2.3",
    "react": "17.0.1",
    "react-dom": "17.0.1",
    "react-native": "0.64.3",
    "react-native-crypto": "^2.2.0",
    "react-native-randombytes": "^3.6.1",
    "react-native-web": "0.17.1",
    "request": "^2.88.0"
  },
  "devDependencies": {
    "@babel/core": "^7.12.9",
    "rn-nodeify": "github:tradle/rn-nodeify"
  },
  "private": true
}

I have also attempted to make a metro.config.js as described in https://stackoverflow.com/questions/60124435/however-this-package-itself-specifies-a-main-module-field-that-could-not-be-r, but still same error.

I am using React-Native and Expo, developing on Windows. Running on Android emulator using Android Studio. Npm version 6.14.15 and node version 14.17.6.

Any ideas what I can attempt to solve this? Any help would be greatly appreciated

Hi! I can't find any examples, maybe somebody can help me?
I need to make a GET request to a login page, take a token from hidden input, then make a POS login request with a cookie from a previous request, then another request also should be with same session
Something like that:

const loginRequest = await fetch(loginPageUrl, {method: 'GET'}).then(resp => resp.text())

const token = parseToken(loginRequest) // own parser function

const doLogin = await fetch(loginPageUrl, {method: 'POST', body: formData}).then(resp => resp.text()) 

if(doLogin == 'success'){
 const someAnotherRequest = await fetch(actionUrl, {method: 'POST', body: someData}).then(resp => resp.text())  

 this request available only if user is logged in
}

As TypeScript 4.7 are introducing ESM support on Node.js, they also introduce a new way for reading type definition per CJS / ESM, which will be enabled if moduleResolution is Node16 or Nodenext (If module is Node16 or Nodenext, by default moduleResolution will be changed to match it).

You can see the example on the second snippets of this section:
https://devblogs.microsoft.com/typescript/announcing-typescript-4-7/#package-json-exports-imports-and-self-referencing

As a result, if module=Node16 is enabled, TypeScript cannot find the typing definition on either CommonJS or ESM.
I am making a minimal Gist to reproduce it:
https://gist.github.com/littlebtc/ef5b27f0c2d90c80c8c76e4a7dfb2176

Hey guys,

I'm working on an internal tool so I can't share a test case unfortunately (since I don't know of another server that creates this behavior). However, I thought I would toss my discovery and solution towards the project in case anyone else also discovers this issue and can provide a test case.

My Problem

Basically the server was sending a redirect request back to my app with headers that looked like this instead of a full URL:

{
.
.
.
location: /foobar/
.
.
.
}

then when node-fetch would try to create the request, Node would throw the error:
TypeError [ERR_INVALID_URL]: Invalid URL

My Solution

I wrote a little function that will return a full url using the protocol provided by the request agent and the host url provided in the request headers and then use that for the redirect URL instead of just the location header.

  /**
   * formats the URL by adding the host and protocol to the url string if the first character of the location url is '/'
   * @param {String} url 
   * @param {*} opts 
   * @returns {String}
   */
  function getRedirectUrl(url, opts){
    const firstCharacterIsSlash = url.slice(0,1) === '/';
    if(!firstCharacterIsSlash) return url;
    
    const host = opts.headers.Host;
    const protocol = opts.agent.protocol;
    return `${protocol}//${host}${url}`
  }

I can create a pull request if desired but, honestly I am unsure if this is actually the best solution since I'm not exactly an expert in this area. This just solved my problem.

[Edit] I made these updates to the node-fetch.js file

The decorator throws an exception on this line if the server returned cookies that are outside of its domain. While such cookies certainly do not belong in the jar, I would still like to get the fetched response.

await Promise.all(cookies.map((cookie) => setCookie(cookie, res.url)))

getAll has been removed in v2.

https://github.com/bitinn/node-fetch/blob/a345c398b30d2bccf54abc9c45071dece69a7bba/CHANGELOG.md

Major: remove headers.getAll(); make get() return all headers delimited by commas (per spec)

I am getting this error with the latest version or react-native 0.69

[react-native] error Failed to load configuration of your project.
[react-native] Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './package.json' is not defined by "exports" in ../node_modules/fetch-cookie/package.json
[react-native]     at throwExportsNotFound (internal/modules/esm/resolve.js:299:9)
[react-native]     at packageExportsResolve (internal/modules/esm/resolve.js:522:3)
[react-native]     at resolveExports (internal/modules/cjs/loader.js:449:36)
[react-native]     at Function.Module._findPath (internal/modules/cjs/loader.js:489:31)
[react-native]     at Function.Module._resolveFilename (internal/modules/cjs/loader.js:875:27)
[react-native]     at Function.resolve (internal/modules/cjs/helpers.js:98:19)
[react-native]     at resolveNodeModuleDir (../node_modules/@react-native-community/cli-tools/build/resolveNodeModuleDir.js:24:42)
[react-native]     at ../node_modules/@react-native-community/cli-config/build/loadConfig.js:93:76
[react-native]     at Array.reduce (<anonymous>)
[react-native]     at loadConfig (../node_modules/@react-native-community/cli-config/build/loadConfig.js:91:134)
[react-native] info Run CLI with --verbose flag for more details.
error Command failed with exit code 1.

Behaviour should be the same as with the undecorated function:

const fetch = require('node-fetch');
const decorated = require('fetch-cookie/node-fetch')(fetch);

fetch('https://tests.eckhart-woerner.de/redirect.html', {follow: 2}); // rejects
decorated('https://tests.eckhart-woerner.de/redirect.html', {follow: 2}); // resolves

This is closely related to #6:
When a request gets redirected from domain A to domain B, and domain B sets some cookies, those cookies are incorrectly stored for domain A.

Code:

import nodeFetch from 'node-fetch';
const fetch = fetchCookie(nodeFetch);

error TS2345: Argument of type 'typeof fetch' is not assignable to parameter of type 'GenericFetch<GenericRequestInfo, RequestInit, Response>'.
  Types of parameters 'url' and 'input' are incompatible.
    Type 'GenericRequestInfo' is not assignable to type 'RequestInfo'.
      Type 'GenericRequest' is not assignable to type 'RequestInfo'.
        Type 'GenericRequest' is missing the following properties from type 'Request': clone, context, headers, method, and 17 more.

versions in package.json

    "@types/node-fetch": "^2.6.1",
    "node-fetch": "^2.6.1",

This is not the correct way to handle cookies using node-fetch v2, since cookies could contain commas.

See node-fetch/node-fetch#251

Refer this: request/request#794

The typescript definition doesn't works.
See https://codesandbox.io/s/jolly-cookies-8nfzz3?file=/index.ts

• First issue
  

• After adding compilerOptions.esModuleInterop to true, 2nd issue because jar parameter is not declared as optional (while there is a provided default value see

  fetch-cookie/src/index.ts

  Line 210 in fd2e196

  jar = jar || new tough.CookieJar()

  
  

• After adding manually tough.cookieJar, 3rd issue regarding missing properties size and buffer in Request type
  

When redirect is set to 'follow' which is the default, the set-cookie inside the 302 redirect page won't be set in the cookie jar.

Hi,

As an open source project that is used by several other projects, I would suggest adding a permissive license.

Thanks

setCookie(cookieString: string, currentUrl: string, cb: (err: any) => void, opts: { ignoreError: boolean }): void;

Please correct me if I'm wrong --
The current set-cookie typings don't have the callback as the final arg, and the package promisifies that function (which needs that callback to the the final argument). Should opts and cb be swapped?

Since Node.js 17.5, we can pass --experimental-fetch to use the built-in undici fetch implementation.

Sadly even if fetch-cookie now theoretically supports WHATWG fetch standard (through response.headers.get('set-cookie') and splitCookieString), undici in most cases drop the set-cookie header, most likely because the spec says it's a forbidden header, and fetch-cookie cannot work with it.

As pointed out by @justingrant in whatwg/fetch#1384 (comment) (I'm following up here because this discussion is off topic for the linked issue), undici do expose the set-cookie header in some cases.

I confirmed on Node 17.5 and I am able to read the Set-Cookie header:

(await fetch('https://wikipedia.com/')).headers.get('set-cookie')
'WMF-Last-Access=26-Feb-2022;Path=/;HttpOnly;secure;Expires=Wed, 30 Mar 2022 12:00:00 GMT, WMF-Last-Access-Global=26-Feb-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Wed, 30 Mar 2022 12:00:00 GMT, GeoIP=...; Path=/; secure; Domain=.wikipedia.org'

That's a good news but from my testing, the set-cookie header is not always returned. It seem to be related to responseTainting and the CORS implementation of undici but I couldn't figure precisely in what conditions undici will or will not drop the set-cookie header.

Typically in the earlier URL https://wikipedia.com/, it issues a redirect to https://www.wikipedia.org/ which is the actual response setting the cookie, as shown by:

curl 'https://www.wikipedia.org/' -H 'User-Agent:' -v 2>&1 | grep -i set-cookie
< set-cookie: WMF-Last-Access=26-Feb-2022;Path=/;HttpOnly;secure;Expires=Wed, 30 Mar 2022 12:00:00 GMT
< set-cookie: WMF-Last-Access-Global=26-Feb-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Wed, 30 Mar 2022 12:00:00 GMT
< set-cookie: GeoIP=...; Path=/; secure; Domain=.wikipedia.org

But fetching that URL with undici returns null for the set-cookie header:

(await fetch('https://www.wikipedia.org/')).headers.get('set-cookie')
null

Also every test I've done on a http://localhost URL failed to return a set-cookie header with undici:

http.createServer((req, res) => res.setHeader('set-cookie', 'foo=bar').end()).listen(8080)
<ref *1> Server
(await fetch('http://localhost:8080/')).headers.get('set-cookie')
null
http.request('http://localhost:8080/', res => console.log(res.headers['set-cookie'])).end()
[ 'foo=bar' ]

And the same goes for every request I've done with redirect: 'manual', which is a requirement for fetch-cookie to do its job.

I'd love fetch-cookie to eventually work with the native Node.js fetch implementation but until we can reliably get access to the set-cookie response header this will not be possible.

Culprit:

Error:
"[webpack-cli] ModuleNotFoundError: Module not found: Error: Default condition should be last one"

Origin:
https://github.com/webpack/enhanced-resolve/blob/ddc96f8e738690166e7de77ea09c9e5aff52bb1b/lib/util/entrypoints.js#L453-L457

			if (i !== last) {
				if (condition === "default") {
					throw new Error("Default condition should be last one");
				}
			} 

Hi,

I am unfamiliar with how to use the new import syntax with this package so I was thinking it might not play nicely with the way the export was defined.

I would be happy to create a PR if this is an issue and we can decide on the correct approach since I cannot think of one that would not be a breaking change to the existing API.