[jira] [Created] (HTTPCLIENT-1269) BrowserCompatSpec: cookies values containing spaces are forwarded without quotes

Thu, 06 Dec 2012 08:36:19 -0800 

Francois-Xavier Bonnet created HTTPCLIENT-1269:
--------------------------------------------------

             Summary: BrowserCompatSpec: cookies values containing spaces are 
forwarded without quotes
                 Key: HTTPCLIENT-1269
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpCookie
    Affects Versions: 4.2.2
            Reporter: Francois-Xavier Bonnet


When a cookie is set with a value that contains spaces, BrowserCompatSpec does 
not use quotes in the Cookie request header. As a result the header is 
truncated by Tomcat.

To reproduce, I have got a servlet that creates a cookie:
response.addCookie(new Cookie("test","aaa bbb"));

Header in the response:
Set-Cookie: test="aaa bbb"; Version=1

Then a normal browser will send the cookie back with the quotes (tested with 
ff16.0.2 ie8.0 and chrome23):
Cookie: test="aaa bbb"

BrowserCompatSpec sends the cookie without the quotes:
Cookie: test=aaa bbb

Then with a Tomcat 7 server the cookie gets truncated:
request.getCookies()[0].getValue() -> aaa

Another test:
                CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", 
false);
                CookieSpec cookieSpec = new BrowserCompatSpecFactory()
                                .newInstance(null);
                Header setCookieHeader = new BasicHeader("Set-Cookie",
                                "test=\"aaa bbb\"; Version=1");
                System.out.println("Set-Cookie header->" + setCookieHeader);
                Cookie cookie = cookieSpec.parse(setCookieHeader, 
origin).get(0);
                System.out.println("Cookie value->" + cookie.getValue());
                List<Cookie> cookies = new ArrayList<Cookie>();
                cookies.add(cookie);
                Header header = cookieSpec.formatCookies(cookies).get(0);
                System.out.println("Cookie header->" + header);

Output of the test:
Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
Cookie value->aaa bbb
Cookie header->Cookie: test=aaa bbb

I suggest that in BrowserCompatSpec we format the Cookie header using 
BasicHeaderValueFormatter
This way only the cookie values containing separators will be quoted. The 
change on current behaviour is not big and we don't have to change a lot of 
code.

If it is OK for everybody, I can make a patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to