From 79bba38ad5123e9eb8b18d889a2b3bee718f2d8c Mon Sep 17 00:00:00 2001
From: gregw <gregw@webtide.com>
Date: Tue, 21 Feb 2023 18:44:28 +1100
Subject: [PATCH] Fix #9334 Cookie Compliance

Fix incorrect change to RFC6265 to not support dollars in cookie names.
Included updates and tests from #9399

Signed-off-by: gregw <gregw@webtide.com>
---
 .../jetty/http/RFC6265CookieParserTest.java   | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/RFC6265CookieParserTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/RFC6265CookieParserTest.java
index 13a6e7fbf846..5fbf65bd657e 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/RFC6265CookieParserTest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/RFC6265CookieParserTest.java
@@ -43,7 +43,7 @@ public void testRFC2965Single()
         // There are 2 attributes, so 2 violations.
         assertThat(parser.violations.size(), is(2));
 
-        // Same test with RFC 6265.
+        // Same test with RFC6265.
         parser = new TestCookieParser(CookieCompliance.RFC6265);
         cookies = parser.parseFields(rawCookie);
         assertThat("Cookies.length", cookies.size(), is(3));
@@ -54,6 +54,24 @@ public void testRFC2965Single()
         // There attributes are seen as just normal cookies, so no violations
         assertThat(parser.violations.size(), is(0));
 
+        // Same again, but allow attributes which are ignored
+        parser = new TestCookieParser(CookieCompliance.from("RFC6265,ATTRIBUTES"));
+        cookies = parser.parseFields(rawCookie);
+        assertThat("Cookies.length", cookies.size(), is(1));
+        assertCookie("Cookies[0]", cookies.get(0), "Customer", "WILE_E_COYOTE", 0, null);
+
+        // There attributes are seen as just normal cookies, so no violations
+        assertThat(parser.violations.size(), is(2));
+
+        // Same again, but allow attributes which are not ignored
+        parser = new TestCookieParser(CookieCompliance.from("RFC6265,ATTRIBUTE_VALUES"));
+        cookies = parser.parseFields(rawCookie);
+        assertThat("Cookies.length", cookies.size(), is(1));
+        assertCookie("Cookies[0]", cookies.get(0), "Customer", "WILE_E_COYOTE", 1, "/acme");
+
+        // There attributes are seen as just normal cookies, so no violations
+        assertThat(parser.violations.size(), is(2));
+
         // Same test with RFC 6265 strict should throw.
         parser = new TestCookieParser(CookieCompliance.RFC6265_STRICT);
         cookies = parser.parseFields(rawCookie);