rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
* Cookie Handling [rack/rack GH-8]
@ 2009-12-02 13:13 Christian Neukirchen
From: Christian Neukirchen @ 2009-12-02 13:13 UTC
  To: rack-devel

mhat sent you a message.

--------------------
Rack appears to incorrectly handle cookies with values that are
quoted-strings. RFC2109 states that a value is a word and may be either
a token or a quoted-string. Rack is handling quoted-string values as
if they were tokens. Naturally this causes some problems.

It looks like the issue stems from the fact that Rack::Request#cookies
uses Rack::Utils.parse_query. What parse_query does makes sense for
parameters, but I think it is incorrect for cookie values.

If I have a cookie like so:
POST /acme/shipping HTTP/1.1
Cookie: $Version="1";
   Customer="WILE_E_COYOTE"; $Path="/acme";
   Part_Number="Rocket_Launcher_0001"; $Path="/acme"

The Ruby String value for key Customer should be "WILE_E_COYOTE"
rather than "\"WILE_E_COYOTE\"".

You can imagine how this handling of quoted strings leads to
interoperability problems with other application stacks.

View this Issue online: http://github.com/rack/rack/issues#issue/8
--------------------
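
The difference described in the message above, as an added example that is not part of the original message and is not Rack's code. naive_cookies is a simplified stand-in for token-style splitting, rfc2109_cookies is a hypothetical scanner that treats a value as token or quoted-string, and SAMPLE is the message's Cookie header joined onto one line.

```ruby
require 'strscan'

# Constructed sample: the Cookie header from the message, unfolded to one line.
SAMPLE = '$Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"; ' \
         'Part_Number="Rocket_Launcher_0001"; $Path="/acme"'

# Simplified stand-in for token-style handling (assumption, not Rack's code):
# split on ";" and "=", and keep the value bytes untouched, quotes included.
def naive_cookies(header)
  header.split(/;\s*/).each_with_object({}) do |pair, out|
    name, value = pair.split('=', 2)
    out[name] ||= value.to_s
  end
end

# RFC 2109 style: value = token | quoted-string. A quoted-string may contain
# ";" or "=" and backslash-escaped characters, so scan instead of splitting.
def rfc2109_cookies(header)
  s = StringScanner.new(header)
  out = {}
  until s.eos?
    s.skip(/[\s;,]*/)                      # separators between cookie pairs
    name = s.scan(/[^=;,\s]+/) or break    # stop on anything that is not a name
    value = ''
    if s.skip(/\s*=\s*/)
      if s.skip(/"/)
        raw = s.scan(/(?:\\.|[^"\\])*/)    # body up to the closing quote
        raise ArgumentError, 'unterminated quoted-string' unless s.skip(/"/)
        value = raw.gsub(/\\(.)/) { $1 }   # undo quoted-pair escapes
      else
        value = s.scan(/[^;,\s]*/)         # plain token
      end
    end
    out[name] ||= value                    # first occurrence of a name wins
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  p naive_cookies(SAMPLE)['Customer']
  p rfc2109_cookies(SAMPLE)['Customer']
end
```

With a quoted value that contains ";", such as note="a;b=c", the splitting version also truncates the value and yields an extra name, which is the kind of disagreement between stacks the message warns about.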
