- From: Yard-nonpolitical801 <notifications@github.com>
- Date: Mon, 20 Oct 2025 14:20:07 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/1384/3423759827@github.com>
Yard-nonpolitical801 left a comment (whatwg/fetch#1384)
> Hey there! 👋 [fetch-cookie](https://github.com/valeriangalliat/fetch-cookie) maintainer here :)
>
> We do support redirects (although I'm currently working on improving that part as it's not perfectly compliant), but only for the node-fetch specific wrapper `require('fetch-cookie/node-fetch')`. As far as I can remember, when the redirect logic was contributed years ago, node-fetch allowed `redirect: 'manual'` but I don't think such a mechanism was part of the official spec yet, and I didn't want to tie the library specifically to node-fetch.
>
> I realized recently that `redirect: 'manual'` is now officially supported so I'm gonna make handling cookies in redirects the default in the next major version.
>
> That being said, fetch-cookie cannot currently work with undici because the `set-cookie` header is not exposed by the `fetch` API (as per [spec](https://fetch.spec.whatwg.org/#forbidden-response-header-name)) so in reality fetch-cookie can only be used alongside node-fetch for now.
>
> If the Node.js implementation ever allows userland code to read the `set-cookie` header then it should work seamlessly with future fetch-cookie versions including redirects.
>
> **That being said I do support the feature request in the original message.** I wrote fetch-cookie 7 years ago as what I thought would be a "temporary workaround" and now hundreds of people depend on it. Anything that makes it obsolete would make me more than happy, and that `CookieStore` proposition would definitely help.
>
> > So, realistically, I'd expect that most cookie-needing Node apps will rely on an (as yet unwritten?) library that wraps `fetch` and handles cookies and redirects. Hopefully this library will not have security or perf problems!
>
> The main issue I have with a `fetch` wrapper is that the redirect logic must be re-implemented. [node-fetch does a fantastic job at handling redirects](https://github.com/node-fetch/node-fetch/blob/5e78af3ba7555fa1e466e804b2e51c5b687ac1a2/src/index.js#L169) and I'm pretty sure undici does too, so it makes me sad to have to bypass that upstream redirect implementation in order to re-implement it in the wrapper. This is error prone and requires duplicated efforts in maintenance.
>
> One thing that I've been dreaming about recently that would help with that is a way to properly wrap `fetch`. Typically `fetch` implementations are recursive when following redirects (e.g. [in node-fetch](https://github.com/node-fetch/node-fetch/blob/5e78af3ba7555fa1e466e804b2e51c5b687ac1a2/src/index.js#L231)) and if we had a way to recurse through the wrapper, we would be able to have cookies in redirects without requiring the wrapper to set `redirect: 'manual'` and re-implementing the whole redirect logic. I'm not sure if that's something desirable for the `fetch` spec itself but that would certainly help making a reliable wrapper where the redirect logic would be guaranteed to be consistent with the upstream implementation.
https://locale3.github.io/1SsN6Q6RScOw2e4fH3yjZXo4/
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1384#issuecomment-3423759827
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/fetch/issues/1384/3423759827@github.com>
Received on Monday, 20 October 2025 21:20:11 UTC