diff --git a/connectors/jdk-connector/src/main/java/org/glassfish/jersey/jdk/connector/internal/HttpParser.java b/connectors/jdk-connector/src/main/java/org/glassfish/jersey/jdk/connector/internal/HttpParser.java index ed2fbf9d97..3f0a31072c 100644 --- a/connectors/jdk-connector/src/main/java/org/glassfish/jersey/jdk/connector/internal/HttpParser.java +++ b/connectors/jdk-connector/src/main/java/org/glassfish/jersey/jdk/connector/internal/HttpParser.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2019 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2021 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -464,7 +464,8 @@ private boolean isInseparableHeader() { /* Authenticate headers contain comma separated list of properties, which would be normally treated as separate header values */ return Constants.WWW_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName) - || Constants.PROXY_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName); + || Constants.PROXY_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName) + || HttpHeaders.SET_COOKIE.equalsIgnoreCase(headerParsingState.headerName); } diff --git a/connectors/jdk-connector/src/test/java/org/glassfish/jersey/jdk/connector/internal/CookieTest.java b/connectors/jdk-connector/src/test/java/org/glassfish/jersey/jdk/connector/internal/CookieTest.java index 418e7c4dd3..82fee74e79 100644 --- a/connectors/jdk-connector/src/test/java/org/glassfish/jersey/jdk/connector/internal/CookieTest.java +++ b/connectors/jdk-connector/src/test/java/org/glassfish/jersey/jdk/connector/internal/CookieTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2019 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2021 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -17,6 +17,7 @@ package org.glassfish.jersey.jdk.connector.internal; import java.net.CookiePolicy; +import java.util.List; import javax.ws.rs.GET; import javax.ws.rs.Path; @@ -33,7 +34,6 @@ import org.glassfish.jersey.jdk.connector.JdkConnectorProvider; import org.glassfish.jersey.server.ResourceConfig; import org.glassfish.jersey.test.JerseyTest; - import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -53,6 +53,17 @@ public Response get(@Context HttpHeaders h) { String e = (c == null) ? "NO-COOKIE" : c.getValue(); return Response.ok(e).cookie(new NewCookie("name", "value")).build(); } + + @Path("/issue4678") + @GET + public Response issue4678(@Context HttpHeaders h) { + // Read the cookie + Cookie c = h.getCookies().get("foo"); + // Write the value in a new cookie foo2. So we test cookies in both ways. + return Response.ok().header(HttpHeaders.SET_COOKIE, + "foo2=" + c.getValue() + "; expires=Wed, 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax") + .build(); + } } @Override @@ -82,4 +93,18 @@ public void testDisabledCookies() { assertEquals("NO-COOKIE", target.request().get(String.class)); assertEquals("NO-COOKIE", target.request().get(String.class)); } + + @Test + public void testIssue4678() { + Response response = target("/CookieResource/issue4678") + .request().header(HttpHeaders.COOKIE, + "foo=bar; expires=Wed, 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax") + .get(); + // Issue 4678 happens here. HttpParser splits the headers value by comma. + List setCookies = response.getHeaders().get(HttpHeaders.SET_COOKIE); + assertEquals("Expected 1 cookie, but it received: " + setCookies, 1, setCookies.size()); + NewCookie newCookie = response.getCookies().get("foo2"); + assertEquals("bar", newCookie.getValue()); + } + }