You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2012/12/06 18:07:10 UTC
[jira] [Commented] (HTTPCLIENT-1269) BrowserCompatSpec: cookies
values containing spaces are forwarded without quotes
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13511516#comment-13511516 ]
Oleg Kalnichevski commented on HTTPCLIENT-1269:
-----------------------------------------------
Sure. Please do so.
Oleg
> BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
> --------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1269
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 4.2.2
> Reporter: Francois-Xavier Bonnet
>
> When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use quotes in the Cookie request header. As a result the header is truncated by Tomcat.
> To reproduce, I have got a servlet that creates a cookie:
> response.addCookie(new Cookie("test","aaa bbb"));
> Header in the response:
> Set-Cookie: test="aaa bbb"; Version=1
> Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2 ie8.0 and chrome23):
> Cookie: test="aaa bbb"
> BrowserCompatSpec sends the cookie without the quotes:
> Cookie: test=aaa bbb
> Then with a Tomcat 7 server the cookie gets truncated:
> request.getCookies()[0].getValue() -> aaa
> Another test:
> CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
> CookieSpec cookieSpec = new BrowserCompatSpecFactory()
> .newInstance(null);
> Header setCookieHeader = new BasicHeader("Set-Cookie",
> "test=\"aaa bbb\"; Version=1");
> System.out.println("Set-Cookie header->" + setCookieHeader);
> Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
> System.out.println("Cookie value->" + cookie.getValue());
> List<Cookie> cookies = new ArrayList<Cookie>();
> cookies.add(cookie);
> Header header = cookieSpec.formatCookies(cookies).get(0);
> System.out.println("Cookie header->" + header);
> Output of the test:
> Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
> Cookie value->aaa bbb
> Cookie header->Cookie: test=aaa bbb
> I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
> This way only the cookie values containing separators will be quoted. The change on current behaviour is not big and we don't have to change a lot of code.
> If it is OK for everybody, I can make a patch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org