From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id CC4951F731 for ; Tue, 6 Aug 2019 22:55:21 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 0C3D6120A76; Wed, 7 Aug 2019 07:55:14 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id BA821120A71 for ; Wed, 7 Aug 2019 07:55:11 +0900 (JST) Received: by filter0178p3mdw1.sendgrid.net with SMTP id filter0178p3mdw1-8162-5D4A0552-19 2019-08-06 22:55:14.32144278 +0000 UTC m=+963076.384443555 Received: from herokuapp.com (unknown [54.164.239.186]) by ismtpd0036p1mdw1.sendgrid.net (SG) with ESMTP id oQW1KKGqRPublF3MPauYzQ for ; Tue, 06 Aug 2019 22:55:14.335 +0000 (UTC) Date: Tue, 06 Aug 2019 22:55:14 +0000 (UTC) From: merch-redmine@jeremyevans.net Message-ID: References: Mime-Version: 1.0 X-Redmine-MailingListIntegration-Message-Ids: 69673 X-Redmine-Project: ruby-trunk X-Redmine-Issue-Id: 7021 X-Redmine-Issue-Author: boris317 X-Redmine-Issue-Assignee: nahi X-Redmine-Sender: jeremyevans0 X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-SG-EID: =?us-ascii?Q?RVE3t853K5scBhbmJHUzZTFFeVC=2FZSUmHZ0Dc+26wcEi2CTgsF1oz0wTSSxGGN?= =?us-ascii?Q?BIKBTfRdwntIP331Y8a2eeQDfnATXAgrzHjMybw?= =?us-ascii?Q?Abe67=2FdbgVTwDvHYXpU24nlTSDHlGOgSPlRhycb?= =?us-ascii?Q?lrq5Zw8QTNDu7SGtulimesR6W=2FzNh83g39XFZHd?= =?us-ascii?Q?=2Fdnpv+Rr=2FnQqdn87qUcxdckmQ9o3IO9wlag=3D=3D?= To: ruby-core@ruby-lang.org X-ML-Name: ruby-core X-Mail-Count: 94164 Subject: [ruby-core:94164] [Ruby master Bug#7021] WEBrick::HTTPUtils.parse_header "normalizing" white space of cookie values. X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #7021 has been updated by jeremyevans0 (Jeremy Evans). I agree this is a bug that violates RFC 2616 and RFC 7230 and have submitted a pull request to fix this issue: https://github.com/ruby/webrick/pull/23 ---------------------------------------- Bug #7021: WEBrick::HTTPUtils.parse_header "normalizing" white space of cookie values. https://bugs.ruby-lang.org/issues/7021#change-80419 * Author: boris317 (shawn adams) * Status: Assigned * Priority: Normal * Assignee: nahi (Hiroshi Nakamura) * Target version: * ruby -v: ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-darwin11.3.0] * Backport: ---------------------------------------- parse_header calls value.gsub!(/\s+/, " ") on ALL header values. I am using a web framework that runs on WEBrick as an HTTP proxy. When the cookies pass through the proxy the whitespace is normalized which is actually breaking the outgoing service call. There is a length "flag" in the cookie and stripping any whitespace from it breaks that. Is it intended behavior to normalize whitespace in request cookie values? -- https://bugs.ruby-lang.org/