hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois-Xavier Bonnet (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1269) BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
Date Thu, 06 Dec 2012 16:20:09 GMT
Francois-Xavier Bonnet created HTTPCLIENT-1269:

             Summary: BrowserCompatSpec: cookies values containing spaces are forwarded without
                 Key: HTTPCLIENT-1269
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpCookie
    Affects Versions: 4.2.2
            Reporter: Francois-Xavier Bonnet

When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use quotes
in the Cookie request header. As a result the header is truncated by Tomcat.

To reproduce, I have got a servlet that creates a cookie:
response.addCookie(new Cookie("test","aaa bbb"));

Header in the response:
Set-Cookie: test="aaa bbb"; Version=1

Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2 ie8.0
and chrome23):
Cookie: test="aaa bbb"

BrowserCompatSpec sends the cookie without the quotes:
Cookie: test=aaa bbb

Then with a Tomcat 7 server the cookie gets truncated:
request.getCookies()[0].getValue() -> aaa

Another test:
		CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
		CookieSpec cookieSpec = new BrowserCompatSpecFactory()
		Header setCookieHeader = new BasicHeader("Set-Cookie",
				"test=\"aaa bbb\"; Version=1");
		System.out.println("Set-Cookie header->" + setCookieHeader);
		Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
		System.out.println("Cookie value->" + cookie.getValue());
		List<Cookie> cookies = new ArrayList<Cookie>();
		Header header = cookieSpec.formatCookies(cookies).get(0);
		System.out.println("Cookie header->" + header);

Output of the test:
Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
Cookie value->aaa bbb
Cookie header->Cookie: test=aaa bbb

I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
This way only the cookie values containing separators will be quoted. The change on current
behaviour is not big and we don't have to change a lot of code.

If it is OK for everybody, I can make a patch.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message