[
https://issues.apache.org/jira/browse/HTTPCLIENT-1269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois-Xavier Bonnet updated HTTPCLIENT-1269:
-----------------------------------------------
Attachment: BrowserCompatSpec_patch.txt
Here is the patch. I had to fix a few tests that were expecting version=0 even
if Version=1 was specified in the Set-Cookie header.
> BrowserCompatSpec: cookies values containing spaces are forwarded without
> quotes
> --------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1269
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 4.2.2
> Reporter: Francois-Xavier Bonnet
> Attachments: BrowserCompatSpec_patch.txt
>
>
> When a cookie is set with a value that contains spaces, BrowserCompatSpec
> does not use quotes in the Cookie request header. As a result the header is
> truncated by Tomcat.
> To reproduce, I have got a servlet that creates a cookie:
> response.addCookie(new Cookie("test","aaa bbb"));
> Header in the response:
> Set-Cookie: test="aaa bbb"; Version=1
> Then a normal browser will send the cookie back with the quotes (tested with
> ff16.0.2 ie8.0 and chrome23):
> Cookie: test="aaa bbb"
> BrowserCompatSpec sends the cookie without the quotes:
> Cookie: test=aaa bbb
> Then with a Tomcat 7 server the cookie gets truncated:
> request.getCookies()[0].getValue() -> aaa
> Another test:
> CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/",
> false);
> CookieSpec cookieSpec = new BrowserCompatSpecFactory()
> .newInstance(null);
> Header setCookieHeader = new BasicHeader("Set-Cookie",
> "test=\"aaa bbb\"; Version=1");
> System.out.println("Set-Cookie header->" + setCookieHeader);
> Cookie cookie = cookieSpec.parse(setCookieHeader,
> origin).get(0);
> System.out.println("Cookie value->" + cookie.getValue());
> List<Cookie> cookies = new ArrayList<Cookie>();
> cookies.add(cookie);
> Header header = cookieSpec.formatCookies(cookies).get(0);
> System.out.println("Cookie header->" + header);
> Output of the test:
> Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
> Cookie value->aaa bbb
> Cookie header->Cookie: test=aaa bbb
> I suggest that in BrowserCompatSpec we format the Cookie header using
> BasicHeaderValueFormatter
> This way only the cookie values containing separators will be quoted. The
> change on current behaviour is not big and we don't have to change a lot of
> code.
> If it is OK for everybody, I can make a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
