cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brendon (JIRA)" <>
Subject [jira] [Commented] (CXF-6862) Quoted path field in Cookies appears to be ignored by Chrome and Firefox
Date Fri, 08 Apr 2016 14:39:25 GMT


Brendon commented on CXF-6862:

Hi Sergey,

Thanks for looking at this so quickly!

We pass the root path (/) to the NewCookie as a string without escaped quotes e.g. new NewCookie(etc,
"/", etc).

I wasn't very clear but when I mentioned that Firefox interprets the cookie as ""/"", I meant
that if you inspect the cookie in developer tools it shows the / within double quotes but
this probably isn't so important.

The main thing is that the cookie was sent to the browser on the root path but the browser
was storing it under the current path e.g. /login.
Navigating to another page would then not include the cookie (unless it was under the previous
e.g. /login/profile would pass the cookie but /profile wouldn't.

I will check the latest snapshot when I get a chance and get let you know.

> Quoted path field in Cookies appears to be ignored by Chrome and Firefox
> ------------------------------------------------------------------------
>                 Key: CXF-6862
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.1.5, 3.1.6
>            Reporter: Brendon
> I am attempting to update a project from v3.1.4 to v3.1.6 which includes a fix for RFC
2109 compliance ( but have hit a problem.
> The problem is that since 3.1.5, the cookie path field is wrapped in quotations if it
has a special character. This quoted path appears to be ignored by Firefox and Chrome (it
does work in Safari though).
> Example:
> Our code base is setting path=/ to specify the root path.
> This gets wrapped in quotations in NewCookieHeaderProvider's toString and sent to the
browser (Firefox). 
> Firefox then sees it as ""/"" and ignores it (presumable as "/" is not a valid path).
> The cookie is then set on the current path and not the root path.
> This was not an issue in 3.1.4

This message was sent by Atlassian JIRA

View raw message