ruby-core@ruby-lang.org archive (unofficial mirror)
* [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
@ 2022-11-26 16:30 cpinto (Celso Pinto)
  2022-11-26 17:00 ` [ruby-core:111023] " mame (Yusuke Endoh)
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: cpinto (Celso Pinto) @ 2022-11-26 16:30 UTC (permalink / raw)
  To: ruby-core

Issue #19153 has been reported by cpinto (Celso Pinto).

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------
The rspec tests of our Rails app started failing with an ArgumentError after upgrading to 2.7.7. On inspection, the issue seems to be caused by CGI::Cookie.domain=:

```
def domain=(str)
  if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
    raise ArgumentError, "invalid domain: #{str.dump}"
  end
  @domain = str
end
```

Setting a breakpoint:

0> str
=> ".example.com"

0> DOMAIN_VALUE_RE
=> /\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z/

0> DOMAIN_VALUE_RE.match?(str)
=> false

0> DOMAIN_VALUE_RE.match?('example.com')
=> true



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/
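
The match results in the report above, reproduced outside the debugger as an added example (not part of the original message and not the cgi gem's code). `STRICT_DOMAIN_RE` is the pattern copied from the debugger output; `RELAXED_DOMAIN_RE`, `valid_domain?` and `check` are hypothetical names, and the relaxed pattern is an assumed variant that permits one optional leading dot while keeping every other constraint.

```ruby
# Added example. STRICT_DOMAIN_RE is copied from the debugger output in the
# report; RELAXED_DOMAIN_RE and the helper names are hypothetical.
STRICT_DOMAIN_RE  = /\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z/
# Assumed variant: one optional leading dot, everything else unchanged.
RELAXED_DOMAIN_RE = /\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z/

# Mirrors the guard in domain= for String input: compare as bytes,
# cap the length at 255 bytes, then require a full-string match.
def valid_domain?(str, pattern)
  bytes = str.b
  bytes.bytesize <= 255 && pattern.match?(bytes)
end

# Verdict of both patterns for one candidate Domain attribute value.
def check(domain)
  { strict:  valid_domain?(domain, STRICT_DOMAIN_RE),
    relaxed: valid_domain?(domain, RELAXED_DOMAIN_RE) }
end

# Sample inputs: the first two come from the report, the rest are constructed.
SAMPLES = [
  "example.com",                  # plain host name
  ".example.com",                 # leading dot, the value from the report
  "..example.com",                # two leading dots
  "example.com.",                 # trailing dot
  "-bad.example.com",             # label starts with a hyphen
  "bad-.example.com",             # label ends with a hyphen
  "example.com\n",                # trailing newline: \z, unlike $, refuses it
  "example.com; path=/",          # attribute separator inside the value
  (("a" * 63 + ".") * 4) + "com"  # valid labels, but 259 bytes in total
].freeze

SAMPLES.each do |domain|
  verdict = check(domain)
  printf("%-28s strict=%-5s relaxed=%s\n",
         domain.dump[0, 28], verdict[:strict], verdict[:relaxed])
end
```

Only `.example.com` changes verdict between the two patterns; every other rejected input stays rejected.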


* [ruby-core:111023] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
  2022-11-26 16:30 [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot cpinto (Celso Pinto)
@ 2022-11-26 17:00 ` mame (Yusuke Endoh)
  2022-11-28  4:45 ` [ruby-core:111033] " hsbt (Hiroshi SHIBATA)
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: mame (Yusuke Endoh) @ 2022-11-26 17:00 UTC (permalink / raw)
  To: ruby-core

Issue #19153 has been updated by mame (Yusuke Endoh).


This issue is discussed at https://github.com/ruby/cgi/pull/29 .

As I wrote in https://github.com/ruby/cgi/pull/29#issuecomment-1325852303, RFC 6265 prohibits leading dot for Cookie domain. However, the old spec of Cookie (RFC 2109) required the leading dot. I think it is reasonable to allow leading dots.

@akr @naruse What do you think?

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-100277

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------

* [ruby-core:111033] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
  2022-11-26 16:30 [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot cpinto (Celso Pinto)
  2022-11-26 17:00 ` [ruby-core:111023] " mame (Yusuke Endoh)
@ 2022-11-28  4:45 ` hsbt (Hiroshi SHIBATA)
  2022-11-28  4:51 ` [ruby-core:111034] " mame (Yusuke Endoh)
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: hsbt (Hiroshi SHIBATA) @ 2022-11-28  4:45 UTC (permalink / raw)
  To: ruby-core

Issue #19153 has been updated by hsbt (Hiroshi SHIBATA).


FYI: https://github.com/ruby/cgi/pull/29#issuecomment-1328487556

I released [cgi-0.3.6](https://github.com/ruby/cgi/releases/tag/v0.3.6) for this issue. Can you try it by adding `"cgi", ">= 0.3.6"` to your Gemfile?



----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-100286

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------

* [ruby-core:111034] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
  2022-11-26 16:30 [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot cpinto (Celso Pinto)
  2022-11-26 17:00 ` [ruby-core:111023] " mame (Yusuke Endoh)
  2022-11-28  4:45 ` [ruby-core:111033] " hsbt (Hiroshi SHIBATA)
@ 2022-11-28  4:51 ` mame (Yusuke Endoh)
  2023-02-23  3:42 ` [ruby-core:112543] " nagachika (Tomoyuki Chikanaga) via ruby-core
  2023-02-23  3:43 ` [ruby-core:112544] " nagachika (Tomoyuki Chikanaga) via ruby-core
  4 siblings, 0 replies; 6+ messages in thread
From: mame (Yusuke Endoh) @ 2022-11-28  4:51 UTC (permalink / raw)
  To: ruby-core

Issue #19153 has been updated by mame (Yusuke Endoh).


mame (Yusuke Endoh) wrote in #note-1:
> As I wrote in https://github.com/ruby/cgi/pull/29#issuecomment-1325852303, RFC 6265 prohibits leading dot for Cookie domain. However, the old spec of Cookie (RFC 2109) required the leading dot. I think it is reasonable to allow leading dots.

Just for the record: it looks like RFC 6265 allows a leading dot. See https://github.com/ruby/cgi/pull/29#issuecomment-1328487556

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-100287

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------

* [ruby-core:112543] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
  2022-11-26 16:30 [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot cpinto (Celso Pinto)
                   ` (2 preceding siblings ...)
  2022-11-28  4:51 ` [ruby-core:111034] " mame (Yusuke Endoh)
@ 2023-02-23  3:42 ` nagachika (Tomoyuki Chikanaga) via ruby-core
  2023-02-23  3:43 ` [ruby-core:112544] " nagachika (Tomoyuki Chikanaga) via ruby-core
  4 siblings, 0 replies; 6+ messages in thread
From: nagachika (Tomoyuki Chikanaga) via ruby-core @ 2023-02-23  3:42 UTC (permalink / raw)
  To: ruby-core; +Cc: nagachika (Tomoyuki Chikanaga)

Issue #19153 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 2.7: REQUIRED, 3.0: REQUIRED, 3.1: REQUIRED to 2.7: REQUIRED, 3.0: REQUIRED, 3.1: DONE

ruby_3_1 4141989b2aef2993bb19140a4be355d1c68b8be1 merged revision(s) 656f25987cf2885104d5b13c8d3f5b7d32f1b333,98074a57ca9f3169fe9da9af6c49b636d37db16f,745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649,b335d899fff3cc22b022c9ee2ceb636d714bf1a7.

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-101988

* Author: cpinto (Celso Pinto)
* Status: Closed
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: REQUIRED, 3.0: REQUIRED, 3.1: DONE
----------------------------------------

* [ruby-core:112544] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
  2022-11-26 16:30 [ruby-core:111022] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot cpinto (Celso Pinto)
                   ` (3 preceding siblings ...)
  2023-02-23  3:42 ` [ruby-core:112543] " nagachika (Tomoyuki Chikanaga) via ruby-core
@ 2023-02-23  3:43 ` nagachika (Tomoyuki Chikanaga) via ruby-core
  4 siblings, 0 replies; 6+ messages in thread
From: nagachika (Tomoyuki Chikanaga) via ruby-core @ 2023-02-23  3:43 UTC (permalink / raw)
  To: ruby-core; +Cc: nagachika (Tomoyuki Chikanaga)

Issue #19153 has been updated by nagachika (Tomoyuki Chikanaga).


Updated the bundled cgi to 0.3.6 on ruby_3_1 branch.

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-101989

* Author: cpinto (Celso Pinto)
* Status: Closed
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: REQUIRED, 3.0: REQUIRED, 3.1: DONE
----------------------------------------
