Return-Path: 
 <dev-return-33311-apmail-hc-dev-archive=hc.apache.org@hc.apache.org>
X-Original-To: apmail-hc-dev-archive@www.apache.org
Delivered-To: apmail-hc-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 379C518DE6
	for <apmail-hc-dev-archive@www.apache.org>;
 Mon, 14 Dec 2015 18:34:47 +0000 (UTC)
Received: (qmail 78603 invoked by uid 500); 14 Dec 2015 18:34:47 -0000
Delivered-To: apmail-hc-dev-archive@hc.apache.org
Received: (qmail 78560 invoked by uid 500); 14 Dec 2015 18:34:47 -0000
Mailing-List: contact dev-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hc.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hc.apache.org>
List-Post: <mailto:dev@hc.apache.org>
List-Id: <dev.hc.apache.org>
Reply-To: "HttpComponents Project" <dev@hc.apache.org>
Delivered-To: mailing list dev@hc.apache.org
Received: (qmail 78548 invoked by uid 99); 14 Dec 2015 18:34:47 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Dec 2015 18:34:46 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id B568A2C1F56
	for <dev@hc.apache.org>; Mon, 14 Dec 2015 18:34:46 +0000 (UTC)
Date: Mon, 14 Dec 2015 18:34:46 +0000 (UTC)
From: "Oleg Kalnichevski (JIRA)" <jira@apache.org>
To: dev@hc.apache.org
Message-ID: <JIRA.12921525.1450040915000.16701.1450118086739@Atlassian.JIRA>
In-Reply-To: <JIRA.12921525.1450040915000@Atlassian.JIRA>
References: <JIRA.12921525.1450040915000@Atlassian.JIRA>
 <JIRA.12921525.1450040915161@arcas>
Subject: [jira] [Resolved] (HTTPCLIENT-1706) Domain starting with "." in a
 cookie makes CookieSpec#match fails for subdomain
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1706.
-------------------------------------------
    Resolution: Invalid

As the test case in question only assigns effective domain but does not assign the actual attribute value the RFC6265 policy rejects the coolie due to a requirement of section 4.1.2.3 
{noformat}
4.1.2.3.
...
If the server omits the Domain attribute, the user
agent will return the cookie only to the origin server.

WARNING: Some existing user agents treat an absent Domain
attribute as if the Domain attribute were present and contained
the current host name. For example, if example.com returns a Set-
Cookie header without a Domain attribute, these user agent will
erroneously send the cookie to www.example.com as well.
{noformat} 

The test case passes if the following line is added to the test setup

{code:java}
cookie1.setAttribute(ClientCookie.DOMAIN_ATTR, ".apache.org");
{code}

Oleg

> Domain starting with "." in a cookie makes CookieSpec#match fails for subdomain
> -------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1706
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1706
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.5.1
>            Reporter: Philippe Mouawad
>
> Following:
> http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201512.mbox/%3CCAH9fUpYn6BDFUMA6qq-q4ioFsSQvd%2BFrLJCiSJXaAxnw1ZsBtg%40mail.gmail.com%3E
> When migrating from HTTPCLIENT3 to HC4.5.1 (issue is also in HC4.2.3), we have an issue in behaviour of RFC6265 org.apache.http.client.config.CookieSpec
> Following test fails:
> {code:java}
>     @Test
>     public void testDomainStartingWithDot() {
>         final BasicClientCookie cookie1 = new BasicClientCookie("id", "value");
>         cookie1.setPath("/");
>         cookie1.setDomain(".apache.org");
>         cookie1.setSecure(false);
>         cookie1.setExpiryDate(new Date(9999999999L));
>         
>         URL url;
>         try {
>             url = new URL("http://jakarta.apache.org/index.html");
>             String host = url.getHost();
>             int port= 80;
>             String path = url.getPath();
>             boolean isSecure=false;
>     
>             
>             CookieOrigin cookieOrigin = new CookieOrigin(host, port, path, isSecure);
>     
>             PublicSuffixMatcher publicSuffixMatcher = PublicSuffixMatcherLoader.getDefault();
>             Registry<CookieSpecProvider> registry  = 
>                     RegistryBuilder.<CookieSpecProvider>create()
>                     .register(CookieSpecs.STANDARD, new RFC6265CookieSpecProvider(publicSuffixMatcher))
>                     .build();
>             HttpClientContext context = HttpClientContext.create();
>             CookieSpec cookieSpec = registry.lookup(CookieSpecs.STANDARD).create(context);
>     
>             Assert.assertTrue(cookieSpec.match(cookie1, cookieOrigin));
>         } catch (MalformedURLException e) {
>             Assert.fail(e.getMessage());
>         }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org