Posted to dev@commons.apache.org by ol...@apache.org on 2004/01/06 23:09:04 UTC
cvs commit: jakarta-commons/httpclient/src/test/org/apache/commons/httpclient TestCookie.java
olegk 2004/01/06 14:09:04
Modified: httpclient/src/java/org/apache/commons/httpclient/cookie
Tag: HTTPCLIENT_2_0_BRANCH CookieSpecBase.java
httpclient/src/test/org/apache/commons/httpclient Tag:
HTTPCLIENT_2_0_BRANCH TestCookie.java
Log:
PR #25264 (Cookie rejected)
Fixes the problem that causes rejection of cookies with a domain attribute '.domain.com' issued by host 'domain.com' in the browser compatibility mode. Even though such a cookie violates RFC 2109, it is still accepted by mainstream browsers (tested with Mozilla Firebird and IE).
Contributed by Oleg Kalnichevski
Revision Changes Path
No revision
No revision
1.16.2.2 +12 -6 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java
Index: CookieSpecBase.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v
retrieving revision 1.16.2.1
retrieving revision 1.16.2.2
diff -u -r1.16.2.1 -r1.16.2.2
--- CookieSpecBase.java 20 Oct 2003 22:27:37 -0000 1.16.2.1
+++ CookieSpecBase.java 6 Jan 2004 22:09:04 -0000 1.16.2.2
@@ -419,9 +419,15 @@
// domain must match host
if (!host.endsWith(cookie.getDomain())) {
- throw new MalformedCookieException(
- "Illegal domain attribute \"" + cookie.getDomain()
- + "\". Domain of origin: \"" + host + "\"");
+ String s = cookie.getDomain();
+ if (s.startsWith(".")) {
+ s = s.substring(1, s.length());
+ }
+ if (!host.equals(s)) {
+ throw new MalformedCookieException(
+ "Illegal domain attribute \"" + cookie.getDomain()
+ + "\". Domain of origin: \"" + host + "\"");
+ }
}
} else {
if (!host.equals(cookie.getDomain())) {
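Review bot: The outer `host.endsWith(cookie.getDomain())` test that the new fallback hangs off is a plain suffix comparison with no label boundary, so a domain attribute without a leading dot would pass for any host whose name merely ends in those characters (constructed example: domain `example.com`, host `notexample.com`) and never reach the new exact-match check. Whether an earlier check outside this hunk already requires the leading dot is not visible here, so this needs confirming. If it does not, stripping the dot first and testing `host.equals(s) || host.endsWith("." + s)` would cover both the case this commit adds and the subdomain case with one boundary-aware rule. The new `host.equals(s)` is also case-sensitive; unless host and domain are lower-cased before this point, `host.equalsIgnoreCase(s)` would be the safer comparison. The enclosing method starts and ends outside the hunk.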
No revision
No revision
1.22.2.2 +26 -4 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java
Index: TestCookie.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v
retrieving revision 1.22.2.1
retrieving revision 1.22.2.2
diff -u -r1.22.2.1 -r1.22.2.2
--- TestCookie.java 20 Oct 2003 22:27:37 -0000 1.22.2.1
+++ TestCookie.java 6 Jan 2004 22:09:04 -0000 1.22.2.2
@@ -1001,6 +1001,28 @@
assertEquals("$Version=0; name=; $Domain=.whatever.com; $Path=/", s);
}
+ /**
+ * Tests if that invalid second domain level cookie gets
+ * rejected in the strict mode, but gets accepted in the
+ * browser compatibility mode.
+ */
+ public void testSecondDomainLevelCookie() throws Exception {
+ Cookie cookie = new Cookie(".sourceforge.net", "name", null, "/", null, false);
+ cookie.setDomainAttributeSpecified(true);
+ cookie.setPathAttributeSpecified(true);
+ CookieSpec parser = null;
+
+ parser = CookiePolicy.getSpecByPolicy(CookiePolicy.COMPATIBILITY);
+ parser.validate("sourceforge.net", 80, "/", false, cookie);
+
+ parser = CookiePolicy.getSpecByPolicy(CookiePolicy.RFC2109);
+ try {
+ parser.validate("sourceforge.net", 80, "/", false, cookie);
+ fail("MalformedCookieException should have been thrown");
+ } catch (MalformedCookieException e) {
+ // Expected
+ }
+ }
}
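Review bot: testSecondDomainLevelCookie only proves that compatibility mode now accepts the cookie; nothing pins what the relaxed branch must still reject. A negative case, with the same `.sourceforge.net` cookie validated in compatibility mode against an unrelated host, would keep a later change from widening the fallback unnoticed. The host name in the sketch below is a constructed sample.

```java
// … unchanged: testSecondDomainLevelCookie …

public void testSecondDomainLevelCookieForeignHost() throws Exception {
    Cookie cookie = new Cookie(".sourceforge.net", "name", null, "/", null, false);
    cookie.setDomainAttributeSpecified(true);
    cookie.setPathAttributeSpecified(true);
    CookieSpec parser = CookiePolicy.getSpecByPolicy(CookiePolicy.COMPATIBILITY);
    try {
        // constructed host: shares the trailing characters but is a different domain
        parser.validate("notsourceforge.net", 80, "/", false, cookie);
        fail("MalformedCookieException should have been thrown");
    } catch (MalformedCookieException e) {
        // Expected
    }
}
```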