Skip to content

Commit

Permalink
8276774: Cookie stored in CookieHandler not sent if user headers cont…
Browse files Browse the repository at this point in the history
…ain cookie

Reviewed-by: dfuchs
Backport-of: 03debf277537135974d3f55e3a5c7cf6842ee5e0
  • Loading branch information
Evan Whelan authored and dfuch committed Nov 24, 2021
1 parent 2f51d80 commit 670d73e
Show file tree
Hide file tree
Showing 4 changed files with 593 additions and 16 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -109,21 +109,22 @@ public void collectHeaders0(StringBuilder sb) {
final HttpHeaders uh = userHeaders;

// Filter any headers from systemHeaders that are set in userHeaders
systemHeaders = HttpHeaders.of(systemHeaders.map(), (k,v) -> uh.firstValue(k).isEmpty());
final HttpHeaders sh = HttpHeaders.of(systemHeaders.map(),
(k,v) -> uh.firstValue(k).isEmpty());

// If we're sending this request through a tunnel,
// then don't send any preemptive proxy-* headers that
// the authentication filter may have saved in its
// cache.
collectHeaders1(sb, systemHeaders, nocookies);
collectHeaders1(sb, sh, nocookies);

// If we're sending this request through a tunnel,
// don't send any user-supplied proxy-* headers
// to the target server.
collectHeaders1(sb, userHeaders, nocookies);
collectHeaders1(sb, uh, nocookies);

// Gather all 'Cookie:' headers and concatenate their
// values in a single line.
// Gather all 'Cookie:' headers from the unfiltered system headers,
// and the user headers, and concatenate their values in a single line
collectCookies(sb, systemHeaders, userHeaders);

// terminate headers
Expand Down
19 changes: 11 additions & 8 deletions src/java.net.http/share/classes/jdk/internal/net/http/Stream.java
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@
*/
class Stream<T> extends ExchangeImpl<T> {

private static final String COOKIE_HEADER = "Cookie";
final Logger debug = Utils.getDebugLogger(this::dbgString, Utils.DEBUG);

final ConcurrentLinkedQueue<Http2Frame> inputQ = new ConcurrentLinkedQueue<>();
Expand Down Expand Up @@ -245,7 +246,7 @@ private void schedule() {
debug.log("already completed: dropping error %s", (Object) t);
}
} catch (Throwable x) {
Log.logError("Subscriber::onError threw exception: {0}", (Object) t);
Log.logError("Subscriber::onError threw exception: {0}", t);
} finally {
cancelImpl(t);
drainInputQueue();
Expand Down Expand Up @@ -328,10 +329,7 @@ CompletableFuture<T> readBodyAsync(HttpResponse.BodyHandler<T> handler,

@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("streamid: ")
.append(streamid);
return sb.toString();
return "streamid: " + streamid;
}

private void receiveDataFrame(DataFrame df) {
Expand Down Expand Up @@ -398,7 +396,6 @@ CompletableFuture<ExchangeImpl<T>> sendBodyAsync() {
return sendBodyImpl().thenApply( v -> this);
}

@SuppressWarnings("unchecked")
Stream(Http2Connection connection,
Exchange<T> e,
WindowController windowController)
Expand Down Expand Up @@ -455,7 +452,7 @@ void otherFrame(Http2Frame frame) throws IOException {
case ResetFrame.TYPE -> incoming_reset((ResetFrame) frame);
case PriorityFrame.TYPE -> incoming_priority((PriorityFrame) frame);

default -> throw new IOException("Unexpected frame: " + frame.toString());
default -> throw new IOException("Unexpected frame: " + frame);
}
}

Expand Down Expand Up @@ -652,10 +649,16 @@ private OutgoingHeaders<Stream<T>> headerFrame(long contentLength) {
// Filter context restricted from userHeaders
userh = HttpHeaders.of(userh.map(), Utils.CONTEXT_RESTRICTED(client()));

// Don't override Cookie values that have been set by the CookieHandler.
final HttpHeaders uh = userh;
BiPredicate<String, String> overrides =
(k, v) -> COOKIE_HEADER.equalsIgnoreCase(k)
|| uh.firstValue(k).isEmpty();

// Filter any headers from systemHeaders that are set in userHeaders
sysh = HttpHeaders.of(sysh.map(), (k,v) -> uh.firstValue(k).isEmpty());
// except for "Cookie:" - user cookies will be appended to system
// cookies
sysh = HttpHeaders.of(sysh.map(), overrides);

OutgoingHeaders<Stream<T>> f = new OutgoingHeaders<>(sysh, userh, this);
if (contentLength == 0) {
Expand Down
6 changes: 3 additions & 3 deletions test/jdk/java/net/httpclient/CookieHeaderTest.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -331,8 +331,8 @@ public void handle(HttpTestExchange t) throws IOException {
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));
} else if (cookie.size() == 2 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(0) + "]";
} else if (cookie.size() > 1 && !cookie.get(1).equals("ORDER=BISCUITS")) {
String msg = "Incorrect cookie header value:[" + cookie.get(1) + "]";
(new RuntimeException(msg)).printStackTrace();
t.sendResponseHeaders(500, -1);
os.write(msg.getBytes(UTF_8));
Expand Down
Loading

1 comment on commit 670d73e

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.