add tests

Author: birkskyum

apps/tests/src/e2e/api-call.test.ts

@@ -18,5 +18,28 @@ test.describe("api calls", () => {
     expect(redirectResp.headers.get("x-event-header")).toBe("value");
     expect(redirectResp.headers.get("x-return-header")).toBe("value");
     expect(redirectResp.headers.get("x-shared-header")).toBe("event");
-  })
+  });
+
+  test("should preserve multiple Set-Cookie headers on redirect (RFC 6265)", async () => {
+
+    const response = await fetch("http://localhost:3000/api/multi-set-cookie-redirect", {
+      redirect: "manual"
+    });
+
+    expect(response.status).toBe(302);
+
+    // Use getSetCookie() to retrieve all Set-Cookie headers as an array
+    const cookies = response.headers.getSetCookie();
+
+    // We expect 3 cookies:
+    // 1. session=abc123 (from response headers)
+    // 2. csrf=xyz789 (from response headers)
+    // 3. event_cookie=from_event (from event.response headers via setHeader)
+    expect(cookies.length).toBe(3);
+
+    const cookieValues = cookies.join("; ");
+    expect(cookieValues).toContain("session=abc123");
+    expect(cookieValues).toContain("csrf=xyz789");
+    expect(cookieValues).toContain("event_cookie=from_event");
+  });
 });

apps/tests/src/routes/api/multi-set-cookie-redirect.ts

@@ -0,0 +1,17 @@
+import { setHeader } from "@solidjs/start/http";
+
+export async function GET() {
+  // Set a cookie via the event headers (this tests merging event headers)
+  setHeader("Set-Cookie", "event_cookie=from_event; Path=/");
+
+  // This tests cloning redirect responses with multiple cookies
+  const headers = new Headers();
+  headers.append("Location", "http://localhost:3000/");
+  headers.append("Set-Cookie", "session=abc123; Path=/; HttpOnly");
+  headers.append("Set-Cookie", "csrf=xyz789; Path=/");
+
+  return new Response(null, {
+    status: 302,
+    headers
+  });
+}