You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Francois-Xavier Bonnet (JIRA)" <ji...@apache.org> on 2012/12/06 17:20:09 UTC

[jira] [Created] (HTTPCLIENT-1269) BrowserCompatSpec: cookies values containing spaces are forwarded without quotes

Francois-Xavier Bonnet created HTTPCLIENT-1269:
--------------------------------------------------

             Summary: BrowserCompatSpec: cookies values containing spaces are forwarded without quotes
                 Key: HTTPCLIENT-1269
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1269
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpCookie
    Affects Versions: 4.2.2
            Reporter: Francois-Xavier Bonnet


When a cookie is set with a value that contains spaces, BrowserCompatSpec does not use quotes in the Cookie request header. As a result the header is truncated by Tomcat.

To reproduce, I have got a servlet that creates a cookie:
response.addCookie(new Cookie("test","aaa bbb"));

Header in the response:
Set-Cookie: test="aaa bbb"; Version=1

Then a normal browser will send the cookie back with the quotes (tested with ff16.0.2 ie8.0 and chrome23):
Cookie: test="aaa bbb"

BrowserCompatSpec sends the cookie without the quotes:
Cookie: test=aaa bbb

Then with a Tomcat 7 server the cookie gets truncated:
request.getCookies()[0].getValue() -> aaa

Another test:
		CookieOrigin origin = new CookieOrigin("www.foo.com", 80, "/", false);
		CookieSpec cookieSpec = new BrowserCompatSpecFactory()
				.newInstance(null);
		Header setCookieHeader = new BasicHeader("Set-Cookie",
				"test=\"aaa bbb\"; Version=1");
		System.out.println("Set-Cookie header->" + setCookieHeader);
		Cookie cookie = cookieSpec.parse(setCookieHeader, origin).get(0);
		System.out.println("Cookie value->" + cookie.getValue());
		List<Cookie> cookies = new ArrayList<Cookie>();
		cookies.add(cookie);
		Header header = cookieSpec.formatCookies(cookies).get(0);
		System.out.println("Cookie header->" + header);

Output of the test:
Set-Cookie header->Set-Cookie: test="aaa bbb"; Version=1
Cookie value->aaa bbb
Cookie header->Cookie: test=aaa bbb

I suggest that in BrowserCompatSpec we format the Cookie header using BasicHeaderValueFormatter
This way only the cookie values containing separators will be quoted. The change on current behaviour is not big and we don't have to change a lot of code.

If it is OK for everybody, I can make a patch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org