Ensure some cookies don't cause failure #1645
lib/rack/mock.rb
@@ -257,7 +257,7 @@ def identify_cookie_attributes(cookie_filling) | |||
cookie_bits.each do |bit| | |||
if bit.include? '=' | |||
cookie_attribute, attribute_value = bit.split('=') |
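Review bot: bit.split('=') on the last line of this hunk has no limit, so a segment with more than one '=' is split at every one. Ruby drops trailing empty fields, so a value ending in '=' comes back without it, and the two-variable assignment silently discards anything after the second '='. Pass a limit, as in bit.split('=', 2), so only the first '=' separates attribute from value, and add a spec for a cookie whose value contains or ends in '='.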
Would it make more sense to use split('=', 2)?
Yes, also works. Either way, the results of this function are discarded other than for these areas:
https://github.com/rack/rack/pull/1645/files#diff-4fc9bc1f7d91630f4f9f47fc6663f3f7L240-L245
It is probably incorrect to assume '=' is a divider.
A third option is not to process the first element of the cookie_bits array at all, since this is the value. So cookie_bits[1..].each do |bit|.
Fourth option, do both since the value could possibly also contain '='.
Done both in f48f0b8
BTW: the build failures appear to be due to this: rubygems/rubygems#3570
This seems good, but we need to make sure the build passes. It looks like there is a legit failure in 2.5
Co-authored-by: Aaron Patterson <aaron.patterson@gmail.com>
Done in c17569c. Thanks!
Cookies can on occasion have base 64 encoded strings as their value. Base 64 encoded strings tend to end in '=' as this is a filler character. Cookies of this form cause rack to fail.
An example is __cf_bm=_somebase64encodedstringwithequalsatthened=; array=awesome. This fixes the bug.
An alternative approach would be, in the function I've patched, to only parse the headers required in the enclosing function.
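The '=' padding problem from the description and review thread above, as an added Ruby example that is not rack's code or part of this pull request. The method names and the second sample cookie are constructed for illustration; the first sample is the one quoted in the description.

```ruby
# Added example, not rack's code. Method names are hypothetical.

# Sample from the PR description, plus a constructed cookie with '==' padding.
PR_SAMPLE   = "__cf_bm=_somebase64encodedstringwithequalsatthened=; array=awesome"
CONSTRUCTED = "session=YWJjZA==; path=/; HttpOnly"

# Naive parse: every segment is split on every '='.
def parse_naive(cookie_filling)
  cookie_filling.split(';').map(&:strip).each_with_object({}) do |bit, out|
    next unless bit.include?('=')
    # No limit: trailing empty fields are dropped, extra fields are discarded.
    name, value = bit.split('=')
    out[name] = value
  end
end

# Robust parse: the first segment is the name/value pair, the rest are
# attributes, and each segment is split at its first '=' only.
def parse_robust(cookie_filling)
  bits = cookie_filling.split(';').map(&:strip).reject(&:empty?)
  return nil if bits.empty?

  name, value = bits.first.split('=', 2)
  attributes = bits[1..-1].each_with_object({}) do |bit, out|
    key, val = bit.split('=', 2)
    out[key.downcase] = val.nil? ? true : val  # flag attributes such as HttpOnly
  end
  { name: name, value: value, attributes: attributes }
end

# Strict base64 check: 'm0' rejects input whose padding is missing.
def strict_base64?(value)
  value.unpack1('m0')
  true
rescue ArgumentError
  false
end

if $PROGRAM_NAME == __FILE__
  [PR_SAMPLE, CONSTRUCTED].each do |cookie|
    puts "naive:  #{parse_naive(cookie).inspect}"
    puts "robust: #{parse_robust(cookie).inspect}"
  end
end
```

The naive parse returns the value with its padding stripped, so a test helper built on it would compare against a cookie value the application never sent.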