[
https://issues.apache.org/jira/browse/KNOX-2479?focusedWorklogId=521698&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-521698
]
ASF GitHub Bot logged work on KNOX-2479:
----------------------------------------
Author: ASF GitHub Bot
Created on: 08/Dec/20 14:17
Start Date: 08/Dec/20 14:17
Worklog Time Spent: 10m
Work Description: pzampino commented on a change in pull request #391:
URL: https://github.com/apache/knox/pull/391#discussion_r538419292
##########
File path:
gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
##########
@@ -382,7 +382,14 @@ private String calculateResponseHeaderValue(Header
headerToCheck, Map<String, Se
return ""; // we should exclude all -> there should not be any value
added with this header
} else {
final String separator =
SET_COOKIE.equalsIgnoreCase(headerNameToCheck) ? "; " : " ";
- Set<String> headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split("\\s+")));
+ Set<String> headerValuesToCheck;
+ if(headerToCheck.getName().equalsIgnoreCase(SET_COOKIE)) {
+ headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split(";")));
+ /* trim */
+ headerValuesToCheck =
headerValuesToCheck.stream().map(String::trim).collect(Collectors.toSet());
+ } else {
+ headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split("\\s+")));
+ }
headerValuesToCheck = headerValuesToCheck.stream().map(h ->
h.replaceAll(separator.trim(), "")).collect(Collectors.toSet());
Review comment:
Why the need to trim the separator here? Why not set the value to the
trimmed form in the first place?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 521698)
Time Spent: 20m (was: 10m)
> set-cookie headers broken when spaces between attributes are missing
> --------------------------------------------------------------------
>
> Key: KNOX-2479
> URL: https://issues.apache.org/jira/browse/KNOX-2479
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
> Fix For: 1.6.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The assumption here is that SET-COOKIE header returned to Knox will always
> have spaces between the fields
> e.g.
> {code:java}
> SESSION=e69d3d08-7452-45cb-90bb-9cdde3fa1342; Path=/; HttpOnly{code}
> Which is not the case when CM returns the SET-COOKIE header
> {code:java}
> SESSION=e69d3d08-7452-45cb-90bb-9cdde3fa1342;Path=/;HttpOnly
> {code}
> Which breaks the Knox logic.
> Examples in RFC [https://tools.ietf.org/html/rfc6265#section-2.2] have
> whitespace but they do not specify format. Since CM uses it and it was
> working up until now Knox should be fixed to support it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
