forked/hyper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(header): ignore invalid cookies

Browse Source 
In the spirit of Postel's law, ignore invalid cookies rather than
completely discard the entire Cookie header, which is what the current
code does, and which will lead to confusion when dealing with headers
with invalid cookies injected by proxies and intermediate apps servers.
This commit is contained in:
Yves Dorfsman
2017-04-29 14:09:24 -06:00
parent 276170fd1c
commit 310d98d50b
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/header/common/cookie.rs
View File

@@ -102,8 +102,6 @@ impl Header for Cookie {
let key_val = (key_val.next(), key_val.next());
if let (Some(key), Some(val)) = key_val {
vec_map.insert(key.trim().to_owned().into(), val.trim().to_owned().into());
} else {
return Err(::Error::Header);
}
}
}
@@ -213,10 +211,20 @@ mod tests {
cookie.append("foo", "bar");
assert_eq!(cookie, parsed);
let parsed = Cookie::parse_header(&b"foo=bar;".to_vec().into()).unwrap();
assert_eq!(cookie, parsed);
let parsed = Cookie::parse_header(&b"foo=bar; baz=quux".to_vec().into()).unwrap();
cookie.append("baz", "quux");
assert_eq!(cookie, parsed);
let parsed = Cookie::parse_header(&b"foo=bar;; baz=quux".to_vec().into()).unwrap();
assert_eq!(cookie, parsed);
let parsed = Cookie::parse_header(&b"foo=bar; invalid ; bad; ;; baz=quux".to_vec().into())
.unwrap();
assert_eq!(cookie, parsed);
let parsed = Cookie::parse_header(&b" foo = bar;baz= quux ".to_vec().into()).unwrap();
assert_eq!(cookie, parsed);
@@ -241,9 +249,6 @@ mod tests {
.unwrap();
cookie.append("double", "=2");
assert_eq!(cookie, parsed);
Cookie::parse_header(&b"foo;bar=baz;quux".to_vec().into()).unwrap_err();
}
}