You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/03/16 21:18:13 UTC
svn commit: r1787250 - in /tomcat/trunk:
java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
webapps/docs/changelog.xml
Author: markt
Date: Thu Mar 16 21:18:13 2017
New Revision: 1787250
URL: http://svn.apache.org/viewvc?rev=1787250&view=rev
Log:
Ensure that Set-Cookie headers generated by the Rfc6265CookieProcessor are aligned with the specification.
Patch provided by Jim Griswold.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java Thu Mar 16 21:18:13 2017
@@ -120,7 +120,7 @@ public class Rfc6265CookieProcessor exte
int maxAge = cookie.getMaxAge();
if (maxAge > -1) {
// Negative Max-Age is equivalent to no Max-Age
- header.append(";Max-Age=");
+ header.append("; Max-Age=");
header.append(maxAge);
// Microsoft IE and Microsoft Edge don't understand Max-Age so send
@@ -128,7 +128,7 @@ public class Rfc6265CookieProcessor exte
// browsers. See http://tomcat.markmail.org/thread/g6sipbofsjossacn
// Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
- header.append (";Expires=");
+ header.append ("; Expires=");
// To expire immediately we need to set the time in past
if (maxAge == 0) {
header.append(ANCIENT_DATE);
@@ -143,23 +143,23 @@ public class Rfc6265CookieProcessor exte
String domain = cookie.getDomain();
if (domain != null && domain.length() > 0) {
validateDomain(domain);
- header.append(";domain=");
+ header.append("; Domain=");
header.append(domain);
}
String path = cookie.getPath();
if (path != null && path.length() > 0) {
validatePath(path);
- header.append(";path=");
+ header.append("; Path=");
header.append(path);
}
if (cookie.getSecure()) {
- header.append(";Secure");
+ header.append("; Secure");
}
if (cookie.isHttpOnly()) {
- header.append(";HttpOnly");
+ header.append("; HttpOnly");
}
return header.toString();
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java Thu Mar 16 21:18:13 2017
@@ -182,12 +182,13 @@ public class TestCookieProcessorGenerati
@Test
public void v1TestMaxAgePositive() {
- doV1TestMaxAge(100, "foo=bar; Version=1; Max-Age=100", "foo=bar;Max-Age=100");
+ doV1TestMaxAge(100, "foo=bar; Version=1; Max-Age=100", "foo=bar; Max-Age=100");
}
@Test
public void v1TestMaxAgeZero() {
- doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0", "foo=bar;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:10 GMT");
+ doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0",
+ "foo=bar; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT");
}
@Test
@@ -198,13 +199,13 @@ public class TestCookieProcessorGenerati
@Test
public void v1TestDomainValid01() {
doV1TestDomain("example.com", "foo=bar; Version=1; Domain=example.com",
- "foo=bar;domain=example.com");
+ "foo=bar; Domain=example.com");
}
@Test
public void v1TestDomainValid02() {
doV1TestDomain("exa-mple.com", "foo=bar; Version=1; Domain=exa-mple.com",
- "foo=bar;domain=exa-mple.com");
+ "foo=bar; Domain=exa-mple.com");
}
@Test
@@ -245,7 +246,7 @@ public class TestCookieProcessorGenerati
@Test
public void v1TestPathValid() {
doV1TestPath("/example", "foo=bar; Version=1; Path=/example",
- "foo=bar;path=/example");
+ "foo=bar; Path=/example");
}
@Test
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1787250&r1=1787249&r2=1787250&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar 16 21:18:13 2017
@@ -64,6 +64,11 @@
Containers are configured with a value of 1 for startStopThreads.
(markt)
</fix>
+ <fix>
+ <bug>60876</bug>: Ensure that <code>Set-Cookie</code> headers generated
+ by the <code>Rfc6265CookieProcessor</code> are aligned with the
+ specification. Patch provided by Jim Griswold. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org