From 1cfab0dd91383a07fb3af1c3abd325f6e467f8fe Mon Sep 17 00:00:00 2001 From: Stephane Epardaud Date: Thu, 15 Apr 2021 10:32:01 +0200 Subject: [PATCH] FlashScopeUtil: fix for #16534 better flash cookie handling Handle empty values safer, and clear the cookie after we've read it --- .../devconsole/runtime/spi/FlashScopeUtil.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/extensions/vertx-http/dev-console-runtime-spi/src/main/java/io/quarkus/devconsole/runtime/spi/FlashScopeUtil.java b/extensions/vertx-http/dev-console-runtime-spi/src/main/java/io/quarkus/devconsole/runtime/spi/FlashScopeUtil.java index 42791ad49bfa7..fe12ed6e0bece 100644 --- a/extensions/vertx-http/dev-console-runtime-spi/src/main/java/io/quarkus/devconsole/runtime/spi/FlashScopeUtil.java +++ b/extensions/vertx-http/dev-console-runtime-spi/src/main/java/io/quarkus/devconsole/runtime/spi/FlashScopeUtil.java @@ -29,11 +29,19 @@ public static Object getFlash(RoutingContext event) { public static void handleFlashCookie(RoutingContext event) { Cookie cookie = event.request().getCookie(FLASH_COOKIE_NAME); - event.response().removeCookie(FLASH_COOKIE_NAME); if (cookie != null) { - Map data = unmarshallMap(Base64.getDecoder().decode(cookie.getValue().getBytes())); - event.data().put(FLASH_CONTEXT_DATA_NAME, data); + byte[] bytes = cookie.getValue().getBytes(); + if (bytes != null && bytes.length != 0) { + byte[] decoded = Base64.getDecoder().decode(bytes); + // API says it can't be null + if (decoded.length > 0) { + Map data = unmarshallMap(decoded); + event.data().put(FLASH_CONTEXT_DATA_NAME, data); + } + } } + // must do this after we've read the value, otherwise we can't read it, for some reason + event.response().removeCookie(FLASH_COOKIE_NAME); } // we don't use json because quarkus-vertx-http does not depend on Jackson databind and therefore the