hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HTTPCLIENT-1269) BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
Date Sat, 08 Dec 2012 12:15:21 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski resolved HTTPCLIENT-1269.

       Resolution: Fixed
    Fix Version/s: 4.2.3

Patch committed to SVN trunk and 4.2.x branch.

Many thanks, Francois-Xavier, for contributing it.

> BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
> --------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1269
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpCookie
>    Affects Versions: 4.2.2
>            Reporter: Francois-Xavier Bonnet
>             Fix For: 4.2.3
>         Attachments: BrowserCompatSpec_patch.txt
> When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use
quotes in the Cookie request header. As a result the header is truncated by Tomcat.
> To reproduce, I have got a servlet that creates a cookie:
> response.addCookie(new Cookie("test","aaa bbb"));
> Header in the response:
> Set-Cookie: test="aaa bbb"; Version=1
> Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2
ie8.0 and chrome23):
> Cookie: test="aaa bbb"
> BrowserCompatSpec sends the cookie without the quotes:
> Cookie: test=aaa bbb
> Then with a Tomcat 7 server the cookie gets truncated:
> request.getCookies()[0].getValue() -> aaa
> Another test:
> 		CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
> 		CookieSpec cookieSpec = new BrowserCompatSpecFactory()
> 				.newInstance(null);
> 		Header setCookieHeader = new BasicHeader("Set-Cookie",
> 				"test=\"aaa bbb\"; Version=1");
> 		System.out.println("Set-Cookie header->" + setCookieHeader);
> 		Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
> 		System.out.println("Cookie value->" + cookie.getValue());
> 		List<Cookie> cookies = new ArrayList<Cookie>();
> 		cookies.add(cookie);
> 		Header header = cookieSpec.formatCookies(cookies).get(0);
> 		System.out.println("Cookie header->" + header);
> Output of the test:
> Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
> Cookie value->aaa bbb
> Cookie header->Cookie: test=aaa bbb
> I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
> This way only the cookie values containing separators will be quoted. The change on current
behaviour is not big and we don't have to change a lot of code.
> If it is OK for everybody, I can make a patch.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message