Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JdkConnectorProvider cannot parse Set-cookie header value when expires #4681

Merged
merged 1 commit into from
Jan 13, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -464,7 +464,8 @@ private boolean isInseparableHeader() {
/* Authenticate headers contain comma separated list of properties, which would be normally treated as separate header
values */
return Constants.WWW_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName)
|| Constants.PROXY_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName);
|| Constants.PROXY_AUTHENTICATE.equalsIgnoreCase(headerParsingState.headerName)
|| HttpHeaders.SET_COOKIE.equalsIgnoreCase(headerParsingState.headerName);

}

Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand All @@ -17,6 +17,7 @@
package org.glassfish.jersey.jdk.connector.internal;

import java.net.CookiePolicy;
import java.util.List;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
Expand All @@ -33,7 +34,6 @@
import org.glassfish.jersey.jdk.connector.JdkConnectorProvider;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;

import org.junit.Test;

import static org.junit.Assert.assertEquals;
Expand All @@ -53,6 +53,17 @@ public Response get(@Context HttpHeaders h) {
String e = (c == null) ? "NO-COOKIE" : c.getValue();
return Response.ok(e).cookie(new NewCookie("name", "value")).build();
}

@Path("/issue4678")
@GET
public Response issue4678(@Context HttpHeaders h) {
// Read the cookie
Cookie c = h.getCookies().get("foo");
// Write the value in a new cookie foo2. So we test cookies in both ways.
return Response.ok().header(HttpHeaders.SET_COOKIE,
"foo2=" + c.getValue() + "; expires=Wed, 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax")
.build();
}
}

@Override
Expand Down Expand Up @@ -82,4 +93,18 @@ public void testDisabledCookies() {
assertEquals("NO-COOKIE", target.request().get(String.class));
assertEquals("NO-COOKIE", target.request().get(String.class));
}

@Test
public void testIssue4678() {
Response response = target("/CookieResource/issue4678")
.request().header(HttpHeaders.COOKIE,
"foo=bar; expires=Wed, 10-Feb-2021 16:16:26 GMT; HttpOnly; Path=/; SameSite=Lax")
.get();
// Issue 4678 happens here. HttpParser splits the headers value by comma.
List<Object> setCookies = response.getHeaders().get(HttpHeaders.SET_COOKIE);
assertEquals("Expected 1 cookie, but it received: " + setCookies, 1, setCookies.size());
NewCookie newCookie = response.getCookies().get("foo2");
assertEquals("bar", newCookie.getValue());
}

}