Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8276774: Cookie stored in CookieHandler not sent if user headers contain cookie #18

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
@@ -108,21 +108,22 @@ public void collectHeaders0(StringBuilder sb) {
final HttpHeaders uh = userHeaders;

// Filter any headers from systemHeaders that are set in userHeaders
systemHeaders = HttpHeaders.of(systemHeaders.map(), (k,v) -> uh.firstValue(k).isEmpty());
final HttpHeaders sh = HttpHeaders.of(systemHeaders.map(),
(k,v) -> uh.firstValue(k).isEmpty());

// If we're sending this request through a tunnel,
// then don't send any preemptive proxy-* headers that
// the authentication filter may have saved in its
// cache.
collectHeaders1(sb, systemHeaders, nocookies);
collectHeaders1(sb, sh, nocookies);

// If we're sending this request through a tunnel,
// don't send any user-supplied proxy-* headers
// to the target server.
collectHeaders1(sb, userHeaders, nocookies);
collectHeaders1(sb, uh, nocookies);

// Gather all 'Cookie:' headers and concatenate their
// values in a single line.
// Gather all 'Cookie:' headers from the unfiltered system headers,
// and the user headers, and concatenate their values in a single line
collectCookies(sb, systemHeaders, userHeaders);

// terminate headers
@@ -96,6 +96,7 @@
*/
class Stream<T> extends ExchangeImpl<T> {

private static final String COOKIE_HEADER = "Cookie";
final Logger debug = Utils.getDebugLogger(this::dbgString, Utils.DEBUG);

final ConcurrentLinkedQueue<Http2Frame> inputQ = new ConcurrentLinkedQueue<>();
@@ -238,7 +239,7 @@ private void schedule() {
debug.log("already completed: dropping error %s", (Object) t);
}
} catch (Throwable x) {
Log.logError("Subscriber::onError threw exception: {0}", (Object) t);
Log.logError("Subscriber::onError threw exception: {0}", t);
} finally {
cancelImpl(t);
drainInputQueue();
@@ -321,10 +322,7 @@ CompletableFuture<T> readBodyAsync(HttpResponse.BodyHandler<T> handler,

@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("streamid: ")
.append(streamid);
return sb.toString();
return "streamid: " + streamid;
}

private void receiveDataFrame(DataFrame df) {
@@ -372,7 +370,6 @@ CompletableFuture<ExchangeImpl<T>> sendBodyAsync() {
return sendBodyImpl().thenApply( v -> this);
}

@SuppressWarnings("unchecked")
Stream(Http2Connection connection,
Exchange<T> e,
WindowController windowController)
@@ -424,7 +421,7 @@ void otherFrame(Http2Frame frame) throws IOException {
incoming_priority((PriorityFrame) frame);
break;
default:
String msg = "Unexpected frame: " + frame.toString();
String msg = "Unexpected frame: " + frame;
throw new IOException(msg);
}
}
@@ -626,10 +623,16 @@ private OutgoingHeaders<Stream<T>> headerFrame(long contentLength) {
// Filter context restricted from userHeaders
userh = HttpHeaders.of(userh.map(), Utils.CONTEXT_RESTRICTED(client()));

// Don't override Cookie values that have been set by the CookieHandler.
final HttpHeaders uh = userh;
BiPredicate<String, String> overrides =
(k, v) -> COOKIE_HEADER.equalsIgnoreCase(k)
|| uh.firstValue(k).isEmpty();

// Filter any headers from systemHeaders that are set in userHeaders
sysh = HttpHeaders.of(sysh.map(), (k,v) -> uh.firstValue(k).isEmpty());
// except for "Cookie:" - user cookies will be appended to system
// cookies
sysh = HttpHeaders.of(sysh.map(), overrides);

OutgoingHeaders<Stream<T>> f = new OutgoingHeaders<>(sysh, userh, this);
if (contentLength == 0) {
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -331,8 +331,8 @@ public void handle(HttpTestExchange t) throws IOException {
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));
} else if (cookie.size() == 2 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(0) + "]";
} else if (cookie.size() > 1 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(1) + "]";
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));