hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1269) BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
Date Thu, 06 Dec 2012 17:43:09 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13511553#comment-13511553

Oleg Kalnichevski commented on HTTPCLIENT-1269:

One thing to be aware of, though: the BrowserCompatSpec should probably behave differently
depending on the cookie version. Netscape style (version 0) cookies should not have their
attributes enclosed in quote makes automatically (the current behaviour), whereas standard
compliant cookies (version 1) should be treated differently (as proposed).

> BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
> --------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1269
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>    Affects Versions: 4.2.2
>            Reporter: Francois-Xavier Bonnet
> When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use
quotes in the Cookie request header. As a result the header is truncated by Tomcat.
> To reproduce, I have got a servlet that creates a cookie:
> response.addCookie(new Cookie("test","aaa bbb"));
> Header in the response:
> Set-Cookie: test="aaa bbb"; Version=1
> Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2
ie8.0 and chrome23):
> Cookie: test="aaa bbb"
> BrowserCompatSpec sends the cookie without the quotes:
> Cookie: test=aaa bbb
> Then with a Tomcat 7 server the cookie gets truncated:
> request.getCookies()[0].getValue() -> aaa
> Another test:
> 		CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
> 		CookieSpec cookieSpec = new BrowserCompatSpecFactory()
> 				.newInstance(null);
> 		Header setCookieHeader = new BasicHeader("Set-Cookie",
> 				"test=\"aaa bbb\"; Version=1");
> 		System.out.println("Set-Cookie header->" + setCookieHeader);
> 		Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
> 		System.out.println("Cookie value->" + cookie.getValue());
> 		List<Cookie> cookies = new ArrayList<Cookie>();
> 		cookies.add(cookie);
> 		Header header = cookieSpec.formatCookies(cookies).get(0);
> 		System.out.println("Cookie header->" + header);
> Output of the test:
> Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
> Cookie value->aaa bbb
> Cookie header->Cookie: test=aaa bbb
> I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
> This way only the cookie values containing separators will be quoted. The change on current
behaviour is not big and we don't have to change a lot of code.
> If it is OK for everybody, I can make a patch.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message