8276774: Cookie stored in CookieHandler not sent if user headers cont…
…ain cookie

Reviewed-by: clanger, dfuchs
Backport-of: 03debf277537135974d3f55e3a5c7cf6842ee5e0
TheRealMDoerr committed Dec 2, 2021
1 parent 22186cb commit 8fe5d595fba16227e50f4a680464c769205868ff
Showing 4 changed files with 593 additions and 16 deletions.
@@ -108,21 +108,22 @@ public void collectHeaders0(StringBuilder sb) {
final HttpHeaders uh = userHeaders;

// Filter any headers from systemHeaders that are set in userHeaders
systemHeaders = HttpHeaders.of(systemHeaders.map(), (k,v) -> uh.firstValue(k).isEmpty());
final HttpHeaders sh = HttpHeaders.of(systemHeaders.map(),
(k,v) -> uh.firstValue(k).isEmpty());

// If we're sending this request through a tunnel,
// then don't send any preemptive proxy-* headers that
// the authentication filter may have saved in its
// cache.
collectHeaders1(sb, systemHeaders, nocookies);
collectHeaders1(sb, sh, nocookies);

// If we're sending this request through a tunnel,
// don't send any user-supplied proxy-* headers
// to the target server.
collectHeaders1(sb, userHeaders, nocookies);
collectHeaders1(sb, uh, nocookies);

// Gather all 'Cookie:' headers and concatenate their
// values in a single line.
// Gather all 'Cookie:' headers from the unfiltered system headers,
// and the user headers, and concatenate their values in a single line
collectCookies(sb, systemHeaders, userHeaders);

// terminate headers
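Review bot: The final `collectCookies(sb, systemHeaders, userHeaders)` call still reads the `userHeaders` field, while the two `collectHeaders1` calls above it now use the locals `sh` and `uh`. Since `uh` is the snapshot taken at the top of the hunk, passing it here as well, `collectCookies(sb, systemHeaders, uh);`, would keep all three calls working from the same view of the user headers. The new comment could also say outright that a user-supplied `Cookie` header no longer suppresses the cookie values carried in `systemHeaders`, so both end up on the single `Cookie:` line. The body of `collectHeaders0` starts and ends outside the hunk.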
@@ -96,6 +96,7 @@
*/
class Stream<T> extends ExchangeImpl<T> {

private static final String COOKIE_HEADER = "Cookie";
final Logger debug = Utils.getDebugLogger(this::dbgString, Utils.DEBUG);

final ConcurrentLinkedQueue<Http2Frame> inputQ = new ConcurrentLinkedQueue<>();
@@ -238,7 +239,7 @@ private void schedule() {
debug.log("already completed: dropping error %s", (Object) t);
}
} catch (Throwable x) {
Log.logError("Subscriber::onError threw exception: {0}", (Object) t);
Log.logError("Subscriber::onError threw exception: {0}", t);
} finally {
cancelImpl(t);
drainInputQueue();
@@ -321,10 +322,7 @@ CompletableFuture<T> readBodyAsync(HttpResponse.BodyHandler<T> handler,

@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("streamid: ")
.append(streamid);
return sb.toString();
return "streamid: " + streamid;
}

private void receiveDataFrame(DataFrame df) {
@@ -372,7 +370,6 @@ CompletableFuture<ExchangeImpl<T>> sendBodyAsync() {
return sendBodyImpl().thenApply( v -> this);
}

@SuppressWarnings("unchecked")
Stream(Http2Connection connection,
Exchange<T> e,
WindowController windowController)
@@ -424,7 +421,7 @@ void otherFrame(Http2Frame frame) throws IOException {
incoming_priority((PriorityFrame) frame);
break;
default:
String msg = "Unexpected frame: " + frame.toString();
String msg = "Unexpected frame: " + frame;
throw new IOException(msg);
}
}
@@ -626,10 +623,16 @@ private OutgoingHeaders<Stream<T>> headerFrame(long contentLength) {
// Filter context restricted from userHeaders
userh = HttpHeaders.of(userh.map(), Utils.CONTEXT_RESTRICTED(client()));

// Don't override Cookie values that have been set by the CookieHandler.
final HttpHeaders uh = userh;
BiPredicate<String, String> overrides =
(k, v) -> COOKIE_HEADER.equalsIgnoreCase(k)
|| uh.firstValue(k).isEmpty();

// Filter any headers from systemHeaders that are set in userHeaders
sysh = HttpHeaders.of(sysh.map(), (k,v) -> uh.firstValue(k).isEmpty());
// except for "Cookie:" - user cookies will be appended to system
// cookies
sysh = HttpHeaders.of(sysh.map(), overrides);

OutgoingHeaders<Stream<T>> f = new OutgoingHeaders<>(sysh, userh, this);
if (contentLength == 0) {
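Review bot: The predicate added in the `headerFrame` hunk is named `overrides`, but it is true for the system headers that are kept (a `Cookie` entry, or a name the user headers do not set), so the name reads as the opposite of what it selects; something like `keepSystemHeader` would match how it is passed to `HttpHeaders.of(sysh.map(), ...)`. The comment could also state the consequence for callers: a request that sets its own `Cookie` header now carries the CookieHandler values as well, so setting that header is no longer a way to send a request without the stored cookies. Separately, in the `schedule()` hunk the touched log call still reports `t` while the caught `x` is never logged; if that is intended a short comment would help, otherwise `Log.logError("Subscriber::onError threw exception: {0}", x);`. `headerFrame` continues outside the hunk.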
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -331,8 +331,8 @@ public void handle(HttpTestExchange t) throws IOException {
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));
} else if (cookie.size() == 2 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(0) + "]";
} else if (cookie.size() > 1 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(1) + "]";
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));
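Review bot: The relaxed condition `cookie.size() > 1` validates only `cookie.get(1)`, so any further values in the list are accepted without being checked. If this handler is meant to confirm exactly which cookies reach the server, an upper bound on the size or a comparison of the whole list would catch an unexpected extra value; otherwise a comment such as `// only the second cookie value is verified; additional values are not checked` would record the intent. The earlier branches of this `if` chain are outside the hunk, so a size check may already exist there.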

1 comment on commit 8fe5d59


@openjdk-notifier openjdk-notifier bot commented on 8fe5d59 Dec 2, 2021

