diff --git a/src/cookies.spec.ts b/src/cookies.spec.ts index 6d6d662..881befd 100644 --- a/src/cookies.spec.ts +++ b/src/cookies.spec.ts @@ -226,7 +226,7 @@ describe("createStorageFromOptions for createServerClient", () => { return []; }, - setAll: async () => { + setAll: async (_cookies, _headers) => { setAllCalled = true; }, }, @@ -252,7 +252,7 @@ describe("createStorageFromOptions for createServerClient", () => { return []; }, - setAll: async () => { + setAll: async (_cookies, _headers) => { setAllCalled = true; }, }, @@ -280,7 +280,7 @@ describe("createStorageFromOptions for createServerClient", () => { return []; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, true, @@ -307,7 +307,7 @@ describe("createStorageFromOptions for createServerClient", () => { return []; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, true, @@ -334,7 +334,7 @@ describe("createStorageFromOptions for createServerClient", () => { return []; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, true, @@ -377,7 +377,7 @@ describe("createStorageFromOptions for createServerClient", () => { ]; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, true, @@ -418,7 +418,7 @@ describe("createStorageFromOptions for createServerClient", () => { ]; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, true, @@ -577,7 +577,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async () => {}, + setAll: async (_cookies, _headers) => {}, }, }, false, @@ -607,7 +607,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { return []; }, - setAll: async () => { + setAll: async (_cookies, _headers) => { setAllCalls += 1; }, }, @@ -640,7 +640,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async () => { + setAll: async (_cookies, _headers) => { setAllCalls += 1; }, }, @@ -682,7 +682,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async (setCookies) => { + setAll: async (setCookies, _headers) => { setAllCalls.push(...setCookies); }, }, @@ -753,7 +753,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async (setCookies) => { + setAll: async (setCookies, _headers) => { setAllCalls.push(...setCookies); }, }, @@ -828,7 +828,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async (setCookies) => { + setAll: async (setCookies, _headers) => { setAllCalls.push(...setCookies); }, }, @@ -903,7 +903,7 @@ describe("createStorageFromOptions for createBrowserClient", () => { ]; }, - setAll: async (setCookies) => { + setAll: async (setCookies, _headers) => { setAllCalls.push(...setCookies); }, }, @@ -944,6 +944,84 @@ describe("createStorageFromOptions for createBrowserClient", () => { }); }); +describe("setAll arity enforcement", () => { + it("should throw when setAll accepts zero parameters (server)", () => { + expect(() => { + createStorageFromOptions( + { + cookieEncoding: "raw", + cookies: { + getAll: async () => [], + setAll: async () => {}, + }, + }, + true, + ); + }).toThrow(/must accept two parameters/); + }); + + it("should throw when setAll accepts one parameter (server)", () => { + expect(() => { + createStorageFromOptions( + { + cookieEncoding: "raw", + cookies: { + getAll: async () => [], + setAll: async (_cookies: any) => {}, + }, + }, + true, + ); + }).toThrow(/must accept two parameters/); + }); + + it("should throw when setAll accepts zero parameters (browser)", () => { + expect(() => { + createStorageFromOptions( + { + cookieEncoding: "raw", + cookies: { + getAll: async () => [], + setAll: async () => {}, + }, + }, + false, + ); + }).toThrow(/must accept two parameters/); + }); + + it("should not throw when setAll accepts two parameters", () => { + expect(() => { + createStorageFromOptions( + { + cookieEncoding: "raw", + cookies: { + getAll: async () => [], + setAll: async (_cookies: any, _headers: any) => {}, + }, + }, + true, + ); + }).not.toThrow(); + }); + + it("should not throw for deprecated get/set/remove path", () => { + expect(() => { + createStorageFromOptions( + { + cookieEncoding: "raw", + cookies: { + get: async () => null, + set: async () => {}, + remove: async () => {}, + }, + }, + true, + ); + }).not.toThrow(); + }); +}); + describe("applyServerStorage", () => { it("should call setAll with the correct cookies for a variety of changes to the storage state", async () => { const setAllCalls: { diff --git a/src/cookies.ts b/src/cookies.ts index 88fa313..4a64c1c 100644 --- a/src/cookies.ts +++ b/src/cookies.ts @@ -115,7 +115,16 @@ export function createStorageFromOptions( getAll = async () => await cookies.getAll!(); if ("setAll" in cookies) { - setAll = cookies.setAll!; + const userSetAll = cookies.setAll!; + if (userSetAll.length < 2) { + throw new Error( + `@supabase/ssr: The setAll cookie method must accept two parameters: (cookies, headers). ` + + `Your function only accepts ${userSetAll.length}. The second parameter contains cache-control ` + + `headers that must be forwarded to the HTTP response to prevent CDNs from caching ` + + `authenticated responses. See https://supabase.com/docs/guides/auth/server-side/creating-a-client for examples.`, + ); + } + setAll = userSetAll; } else if (isServerClient) { setAll = async () => { console.warn( diff --git a/src/createServerClient.spec.ts b/src/createServerClient.spec.ts index 57496a8..c7141d6 100644 --- a/src/createServerClient.spec.ts +++ b/src/createServerClient.spec.ts @@ -14,7 +14,7 @@ describe("createServerClient", () => { return []; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { // no-op }, }, @@ -28,7 +28,7 @@ describe("createServerClient", () => { return []; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { // no-op }, }, @@ -63,7 +63,7 @@ describe("createServerClient", () => { return []; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; setCookies.push(...cookiesToSet); }, @@ -127,7 +127,7 @@ describe("createServerClient", () => { ]; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; setCookies.push(...cookiesToSet); }, @@ -221,7 +221,7 @@ describe("createServerClient", () => { ]; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; setCookies.push(...cookiesToSet); }, @@ -329,7 +329,7 @@ describe("createServerClient", () => { ]; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; }, }, @@ -410,7 +410,7 @@ describe("createServerClient", () => { ]; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; }, }, @@ -464,7 +464,7 @@ describe("createServerClient", () => { }, ]; }, - setAll() {}, + setAll(_cookiesToSet, _headers) {}, }, global: { @@ -539,7 +539,7 @@ describe("createServerClient", () => { ]; }, - setAll(cookiesToSet) { + setAll(cookiesToSet, _headers) { setAllCalls += 1; }, }, @@ -599,7 +599,7 @@ describe("createServerClient", () => { getAll() { return []; }, - setAll() {}, + setAll(_cookiesToSet, _headers) {}, }, global: { fetch: async () => {