From 310d98d50b929b8bde898cbb1137df95da5e0840 Mon Sep 17 00:00:00 2001 From: Yves Dorfsman Date: Sat, 29 Apr 2017 14:09:24 -0600 Subject: [PATCH] fix(header): ignore invalid cookies In the spirit of Postel's law, ignore invalid cookies rather than completely discard the entire Cookie header, which is what the current code does, and which will lead to confusion when dealing with headers with invalid cookies injected by proxies and intermediate apps servers. --- src/header/common/cookie.rs | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/header/common/cookie.rs b/src/header/common/cookie.rs index ddb9ca921c..ee7c67b9cc 100644 --- a/src/header/common/cookie.rs +++ b/src/header/common/cookie.rs @@ -102,8 +102,6 @@ impl Header for Cookie { let key_val = (key_val.next(), key_val.next()); if let (Some(key), Some(val)) = key_val { vec_map.insert(key.trim().to_owned().into(), val.trim().to_owned().into()); - } else { - return Err(::Error::Header); } } } @@ -213,10 +211,20 @@ mod tests { cookie.append("foo", "bar"); assert_eq!(cookie, parsed); + let parsed = Cookie::parse_header(&b"foo=bar;".to_vec().into()).unwrap(); + assert_eq!(cookie, parsed); + let parsed = Cookie::parse_header(&b"foo=bar; baz=quux".to_vec().into()).unwrap(); cookie.append("baz", "quux"); assert_eq!(cookie, parsed); + let parsed = Cookie::parse_header(&b"foo=bar;; baz=quux".to_vec().into()).unwrap(); + assert_eq!(cookie, parsed); + + let parsed = Cookie::parse_header(&b"foo=bar; invalid ; bad; ;; baz=quux".to_vec().into()) + .unwrap(); + assert_eq!(cookie, parsed); + let parsed = Cookie::parse_header(&b" foo = bar;baz= quux ".to_vec().into()).unwrap(); assert_eq!(cookie, parsed); @@ -241,9 +249,6 @@ mod tests { .unwrap(); cookie.append("double", "=2"); assert_eq!(cookie, parsed); - - Cookie::parse_header(&b"foo;bar=baz;quux".to_vec().into()).unwrap_err(); - } }