[
https://issues.apache.org/jira/browse/HTTPCLIENT-1043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12981790#action_12981790
]
Dmitry Grytsovets commented on HTTPCLIENT-1043:
-----------------------------------------------
> The HTTP specification clearly states that the path attribute must be a
> prefix of the request-URI. See the extracts above. Therefore a cookie with
> the path "/d1/d2" can be sent to "/d1/d2/d3" but cannot be sent to "/d1".
> If your application needs to be compatible with broken web sites that violate
> the HTTP specification, you can implement a custom cookie spec or override
> the path matching logic of the default implementation.
Simple scenario:
You are on the page http://localhost/stat/
When you enter the password for domain.tld, the page http://localhost/stat/ tries to
set a cookie for http://localhost/stat/domain.tld/
The current version of the client REJECTS this cookie,
as you can see in my test:
    CookieSpec cookiespec = new RFC2109Spec();
    // login page
    CookieOrigin readOrigin = new CookieOrigin("127.0.0.1", 80, "/d1", false);
    // trying to set a cookie for its CHILD
    BasicHeader header = new BasicHeader("Set-Cookie",
            "cookie-name=cookie-value; domain=127.0.0.1; path=/d1/d2");
    // this part must be fixed
    List<Cookie> cookies = cookiespec.parse(header, readOrigin);
    try {
        for (int i = 0; i < cookies.size(); i++) {
            cookiespec.validate(cookies.get(i), readOrigin);
        }
    } catch (MalformedCookieException e) {
        // BUT CLIENT REJECTS IT
        Assert.fail("MalformedCookieException should not have been thrown");
    }
> BasicPathHandler match bug
> --------------------------
>
> Key: HTTPCLIENT-1043
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1043
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 4.0.1, 4.0.2, 4.0.3, 4.1 Alpha1, 4.1 Alpha2, 4.1 Beta1
> Reporter: Dmitry Grytsovets
> Priority: Minor
>
> In BasicPathHandler:
>     boolean match = targetpath.startsWith (topmostPath);
>     // if there is a match and these values are not exactly the same we have
>     // to make sure we're not matching "/foobar" and "/foo"
>     if (match && targetpath.length() != topmostPath.length()) {
>         if (!topmostPath.endsWith("/")) {
>             match = (targetpath.charAt(topmostPath.length()) == '/');
>         }
>     }
> must be changed to:
>     boolean match = topmostPath.startsWith (targetpath);
>     // if there is a match and these values are not exactly the same we have
>     // to make sure we're not matching "/foobar" and "/foo"
>     if (match && targetpath.length() != topmostPath.length()) {
>         if (!targetpath.endsWith("/")) {
>             match = (topmostPath.charAt(targetpath.length()-1) == '/');
>         }
>     }
> Example:
>     targetpath = "/stat/" // where you are
>     topmostPath = "/stat/domain.tld/" // cookie for path
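
The path rule stated in the quoted reply above (the cookie's Path must be a prefix of the request path), as an added example that is not part of the original message or of HttpClient's code. The class name, the pathMatch helper, the trailing-slash normalization and the sample paths are assumptions made for illustration.

```java
public class CookiePathMatchDemo {

    // Strict rule: the cookie's path must be a prefix of the request path,
    // and the prefix must end on a '/' boundary so "/foo" never covers "/foobar".
    static boolean pathMatch(String cookiePath, String requestPath) {
        String cp = (cookiePath == null || cookiePath.isEmpty()) ? "/" : cookiePath;
        String rp = (requestPath == null || requestPath.isEmpty()) ? "/" : requestPath;
        // Assumption: a trailing '/' on the cookie path is not significant.
        if (cp.length() > 1 && cp.endsWith("/")) {
            cp = cp.substring(0, cp.length() - 1);
        }
        if (!rp.startsWith(cp)) {
            return false;               // cookie path is deeper than, or unrelated to, the request
        }
        if (rp.length() == cp.length() || cp.endsWith("/")) {
            return true;                // exact match, or cookie path is the root "/"
        }
        return rp.charAt(cp.length()) == '/';   // boundary check
    }

    public static void main(String[] args) {
        // Constructed cases: {cookie path, request path, expected result}
        String[][] cases = {
            {"/d1/d2",            "/d1/d2/d3",         "true"},
            {"/d1/d2",            "/d1/d2",            "true"},
            {"/d1/d2",            "/d1",               "false"},
            {"/foo",              "/foobar",           "false"},
            {"/",                 "/anything",         "true"},
            // The scenario from the message: page at /stat/ sets a cookie for a child path.
            {"/stat/domain.tld/", "/stat/",            "false"},
            // The same cookie is accepted once the request is under the child path.
            {"/stat/domain.tld/", "/stat/domain.tld/", "true"},
        };
        for (String[] c : cases) {
            boolean got = pathMatch(c[0], c[1]);
            if (got != Boolean.parseBoolean(c[2])) {
                throw new AssertionError("unexpected result for " + c[0] + " vs " + c[1]);
            }
            System.out.printf("cookie path %-18s request path %-18s -> %s%n",
                    c[0], c[1], got ? "accept" : "reject");
        }
    }
}
```

Under this rule a resource can scope a cookie only to its own path or an ancestor of it, which is why the Set-Cookie from /stat/ for /stat/domain.tld/ is rejected.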