fix(header): ignore invalid cookies

In the spirit of Postel's law, ignore invalid cookies rather than completely discard the entire Cookie header, which is what the current code does, and which will lead to confusion when dealing with headers with invalid cookies injected by proxies and intermediate apps servers.
hyperium · Apr 29, 2017 · 310d98d · 310d98d
1 parent 276170f
commit 310d98d
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/src/header/common/cookie.rs b/src/header/common/cookie.rs
@@ -102,8 +102,6 @@ impl Header for Cookie {
                 let key_val = (key_val.next(), key_val.next());
                 if let (Some(key), Some(val)) = key_val {
                     vec_map.insert(key.trim().to_owned().into(), val.trim().to_owned().into());
-                } else {
-                    return Err(::Error::Header);
                 }
             }
         }
@@ -213,10 +211,20 @@ mod tests {
         cookie.append("foo", "bar");
         assert_eq!(cookie, parsed);
 
+        let parsed = Cookie::parse_header(&b"foo=bar;".to_vec().into()).unwrap();
+        assert_eq!(cookie, parsed);
+
         let parsed = Cookie::parse_header(&b"foo=bar; baz=quux".to_vec().into()).unwrap();
         cookie.append("baz", "quux");
         assert_eq!(cookie, parsed);
 
+        let parsed = Cookie::parse_header(&b"foo=bar;; baz=quux".to_vec().into()).unwrap();
+        assert_eq!(cookie, parsed);
+
+        let parsed = Cookie::parse_header(&b"foo=bar; invalid ; bad; ;; baz=quux".to_vec().into())
+            .unwrap();
+        assert_eq!(cookie, parsed);
+
         let parsed = Cookie::parse_header(&b" foo  =    bar;baz= quux  ".to_vec().into()).unwrap();
         assert_eq!(cookie, parsed);
 
@@ -241,9 +249,6 @@ mod tests {
                 .unwrap();
         cookie.append("double", "=2");
         assert_eq!(cookie, parsed);
-
-        Cookie::parse_header(&b"foo;bar=baz;quux".to_vec().into()).unwrap_err();
-
     }
 }