Patrik Ragnarsson
Patrik Ragnarsson
Looks like https://github.blog/2013-04-09-yummy-cookies-across-domains/ is the origin of this protection. I have only scrolled the blog post, not read it.
Are you able to help me out here, should we just change the test case here or should the implementation account for the fact that Rack no longer encodes `%`...
Thanks for all the info (still need to spend more time on this, like reading the Rails PR you link to). > Therefore the correct solution is for Rack to...
So with https://github.com/rack/rack/commit/a71dfd79d8f49decbe5a1db703dd234df30ba6cc (Rack 3.1.0+), `Rack::Utils.escape` is no longer called on the cookie key (when it is valid). The key we are testing with here is valid: ```ruby irb(main):001> VALID_COOKIE_KEY...
I think we should rely on Rack for parsing the header values.
Just a heads-up that this will need to sit for a while. I have some related changes coming up but I won't be able to continue until August with them....
> I also want to sort out the CI issue, I have seen it before, and I can reproduce it in Docker. I'll just use this place to note the...
Are you able to rebase?
Hmm, Ruby 2.4 in macOS failed https://github.com/puma/puma/actions/runs/11664819104/job/32476175139?pr=3439 Seems related ``` test/runner --verbose shell: /bin/bash -e {0} env: CI: true PUMA_TEST_DEBUG: true TESTOPTS: -v PUMA_NO_RUBOCOP: true TERM: BugMinitest PUMA_CI_RACK: TMPDIR: /Users/runner/work/_temp...