[
https://issues.apache.org/jira/browse/HTTPCLIENT-1706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1706.
-------------------------------------------
Resolution: Invalid
As the test case in question only assigns effective domain but does not assign
the actual attribute value the RFC6265 policy rejects the coolie due to a
requirement of section 4.1.2.3
{noformat}
4.1.2.3.
...
If the server omits the Domain attribute, the user
agent will return the cookie only to the origin server.
WARNING: Some existing user agents treat an absent Domain
attribute as if the Domain attribute were present and contained
the current host name. For example, if example.com returns a Set-
Cookie header without a Domain attribute, these user agent will
erroneously send the cookie to www.example.com as well.
{noformat}
The test case passes if the following line is added to the test setup
{code:java}
cookie1.setAttribute(ClientCookie.DOMAIN_ATTR, ".apache.org");
{code}
Oleg
> Domain starting with "." in a cookie makes CookieSpec#match fails for
> subdomain
> -------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1706
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1706
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.5.1
> Reporter: Philippe Mouawad
>
> Following:
> http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201512.mbox/%3CCAH9fUpYn6BDFUMA6qq-q4ioFsSQvd%2BFrLJCiSJXaAxnw1ZsBtg%40mail.gmail.com%3E
> When migrating from HTTPCLIENT3 to HC4.5.1 (issue is also in HC4.2.3), we
> have an issue in behaviour of RFC6265 org.apache.http.client.config.CookieSpec
> Following test fails:
> {code:java}
> @Test
> public void testDomainStartingWithDot() {
> final BasicClientCookie cookie1 = new BasicClientCookie("id",
> "value");
> cookie1.setPath("/");
> cookie1.setDomain(".apache.org");
> cookie1.setSecure(false);
> cookie1.setExpiryDate(new Date(9999999999L));
>
> URL url;
> try {
> url = new URL("http://jakarta.apache.org/index.html";);
> String host = url.getHost();
> int port= 80;
> String path = url.getPath();
> boolean isSecure=false;
>
>
> CookieOrigin cookieOrigin = new CookieOrigin(host, port, path,
> isSecure);
>
> PublicSuffixMatcher publicSuffixMatcher =
> PublicSuffixMatcherLoader.getDefault();
> Registry<CookieSpecProvider> registry =
> RegistryBuilder.<CookieSpecProvider>create()
> .register(CookieSpecs.STANDARD, new
> RFC6265CookieSpecProvider(publicSuffixMatcher))
> .build();
> HttpClientContext context = HttpClientContext.create();
> CookieSpec cookieSpec =
> registry.lookup(CookieSpecs.STANDARD).create(context);
>
> Assert.assertTrue(cookieSpec.match(cookie1, cookieOrigin));
> } catch (MalformedURLException e) {
> Assert.fail(e.getMessage());
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
