-
Notifications
You must be signed in to change notification settings - Fork 340
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JdkConnectorProvider cannot parse Set-cookie header value when expires attribute is present #4678
Comments
RFC 7230 Says:
Hence, I agree that |
Fixed by #4681 |
JdkConnectorProvider is unable to parse
Set-cookie
header value with an expires attributes. A date header contains a comma afterday-name
but jdk-connector assumes this comma mean concatened header values. Original header value is then split in two values, the second being invalid (ie. value should start by<cookie-name>=<cookie-value>
).When a web server returns following header
Set-cookie: foo=bar; expires=Wed, 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax" )
, jdk-connector parses it asSet-cookie: foo=bar; expires=Wed\nSet-cookie: 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax
.Following test case reproduce the issue:
Root cause is HttpParser#parseHeaderValue
WWW-Authenticate
andProxy-Authenticate
are protected from this splitting butSet-cookie
isn't. It's unclear to me ifSet-cookie
should be added toisInseparableHeader
or if something else is wrong.HttpUrlConnectorProvider parses the same header value without any problem.
The text was updated successfully, but these errors were encountered: