New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Quote mark breaks http.cookies, Cookie.py processing #71861
Comments
The problem is similar to https://bugs.python.org/issue22931 with square brackets in cookie values. >>> from Cookie import SimpleCookie
>>> cookie = SimpleCookie()
>>> cookie.load('a=b; c={"somekey":"value"}; d=e, f=g, some=other')
>>> cookie.output()
'Set-Cookie: a=b'
>>> From my tests I figured out that quote mark (") is causing problems. In fact, according to HTTP specification, cookies can't be JSON objects, but I think that python library shouldn't silently allow incorrect values. Probably incorrect cookies should be skipped, or some exception should be thrown there. |
Problem exists in Chrome for sure (it sends cookies as they are - set with JS for example). I have two another examples that can make this issue more clear: >>> from Cookie import SimpleCookie
>>> c = SimpleCookie()
>>> c.load('a=b; c=c"c; d=d')
>>> c.output()
'Set-Cookie: a=b'
Also using escaping and quotes (cookie version 1) works:
>>> c = SimpleCookie()
>>> c.load('a=b; c="c\\"c"; d=d')
>>> c.output()
'Set-Cookie: a=b\r\nSet-Cookie: c="c\\"c"\r\nSet-Cookie: d=d'
>>> |
Please find what Django's devs have done to parse cookies: I hope this might help to find a solution. |
Lib/http/cookies.py line 436: Add double-quote to
And now it accepts this cookie:
|
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: