Skip to content

Passing cookies via middleware, ensure cookies are escaped #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
abrom merged 14 commits into from
Jun 30, 2020
Merged

Passing cookies via middleware, ensure cookies are escaped #70

abrom merged 14 commits into from
Jun 30, 2020

Conversation

@braindeaf
Copy link
Contributor

@braindeaf braindeaf commented Jun 24, 2020

It appears I missed a vital part of passing cookies from middleware, Rack::Utils unescapes cookies and they need to be re-escaped.

abrom
abrom reviewed Jun 24, 2020
View reviewed changes
spec/grover/middleware_spec.rb Outdated
cookies: [{ domain: 'www.example.org', name: 'key', value: 'value' }]
cookies: [
{ domain: 'www.example.org', name: 'key', value: 'value' },
{ domain: 'www.example.org', name: 'escaped', value: '%26%3D%3D'}
Copy link
Contributor

@abrom abrom Jun 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems like a reasonable test, however i'd suggest it would also be good to have a test that actually calls to Grover/Puppeteer with some encoded cookies, have the page render the contents then check the result contains the expected encoded values. Hopefully that way there will be less risk of future regressions. This would probably live in the processor_spec

Copy link
Contributor Author

@braindeaf braindeaf Jun 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. I shall make it so.

Copy link
Contributor Author

@braindeaf braindeaf Jun 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added that spec, but all it really does it prove that you can pass a cookies, escaped or not to Puppeteer, the real failure on this was not realising that the cookie parser had escaped it. My bad.

abrom
abrom requested changes Jun 29, 2020
View reviewed changes
Copy link
Contributor

@abrom abrom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks good @braindeaf 👍

Note per my comments I've fixed up the cookie renderer app to decode the cookie properly which now breaks your spec. Good news though is that the spec (once fixed) will make sense!

CHANGELOG.md
# Changelog

## Unreleased
- None
Copy link
Contributor

@abrom abrom Jun 29, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add an entry here for your change. Likely

### Fixed
- [#70](https://github.com/Studiosity/grover/pull/70) Ensure cookies are escaped when passing cookies via middleware ([@braindeaf][])

braindeaf and others added 2 commits June 30, 2020 23:26
@braindeaf @abrom
Update spec/grover/processor_spec.rb
c60110a 
Co-authored-by: Andrew Bromwich <a.bromwich@gmail.com>
added fix to CHANGELOG
36ff117
abrom
abrom approved these changes Jun 30, 2020
View reviewed changes
Copy link
Contributor

@abrom abrom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks great, thanks @braindeaf 👍

@abrom abrom merged commit 19738ad into Studiosity:main Jun 30, 2020
@abrom
Copy link
Contributor

abrom commented Jul 1, 2020

FYI this has been released in v0.12.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abrom abrom abrom approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@braindeaf @abrom