http-cookie icon indicating copy to clipboard operation
http-cookie copied to clipboard

Published 20 hours ago verified publisher icon sparklemotion

Quotes are being stripped out of the cookie values

Open uksa opened this issue 9 years ago • 4 comments

I've had an issue, when a cookie contains quotes wrapped around the value, the library is stripping out the quotes. Which is causing my authentication to fail. I've created a monkey in my fork, however when I went to create the tests and submit. It seems there is a few failing tests in this area and a bit more complex than I original thought.

scanner.rb

Before

def scan_value
    ''.tap { |s|
      case
      when scan(/[^,;"]+/)
        s << matched

After:

def scan_value
    ''.tap { |s|
      case
      when scan(/[^,;]+/)
        s << matched

I'll try and get to the bottom of the failing tests, I'm running Ruby 2.1.3

Perhaps it would be worth adding the tests into Travis. Would be more than happy to update if desired?

uksa avatar Sep 07 '15 16:09 uksa

I looked a bit into this and I wonder if the parser should keep track of the raw value to be able to return the values quoted when they have been parsed quoted. Similar to what is one here: https://github.com/AsyncHttpClient/async-http-client/pull/474

lacostej avatar Apr 02 '16 17:04 lacostej

I've not attempted executing this fix, but the concept sounds like a good idea.

serialbandicoot avatar Apr 12 '16 12:04 serialbandicoot

Hello @knu, @uksa, @lacostej , @serialbandicoot Can you guys provide status for issue hilighted here? I'm experiencing same error, and basically did same fix(monkeypatched with optional param)

But im just wondering will this issue be fixed, or its not an issue at all.

Here is what i see in headers:

Set-Cookie: COOKIE1=value; Domain=.domain.com; Path=/, COOKIE2="value"; Domain=.domain.com; Path=/

But here its not quoted. (i'm using Mechanize agent)

agent.cookies.find{|x| x.name == 'COOKIE2'}.value
=>  "value"

when i expected it to be "\"value\""

Another strange issue.. if i manually change value to quoted one and trying to call .to_s ...

[13] pry(main)> print HTTP::Cookie.new(name: 'COOKIE1', value: '"value"').to_s
COOKIE1="\"value\"" => nil

Shouldn't it bee COOKIE1="value" in results?

roodion avatar Oct 18 '17 12:10 roodion

It's been a really long time since I've needed to look at this issue, however I did remember that depending on the Ruby version you used, also affected how this issue was manifesting. Hence the reason for failing tests in the original comment. Sorry I can't be any more help!...

serialbandicoot avatar Oct 18 '17 18:10 serialbandicoot