Cookie handling does not conform to RFC 6265 when sending multiple cookies #2983

Closed
sdeleuze opened this issue Nov 24, 2023 · 0 comments · Fixed by #2994
@sdeleuze
Contributor

As discussed in spring-projects/spring-framework#26451, Reactor Netty creates multiple distinct header entries when creating multiple cookies, which is not spec compliant. I have created a reproducer with Spring Boot 3.2.0 on https://github.com/sdeleuze/demo-webclient-cookies.

With ReactorClientHttpConnector I see:

+--------+-------------------------------------------------+----------------+
|00000000| 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a |GET / HTTP/1.1..|
|00000010| 61 63 63 65 70 74 2d 65 6e 63 6f 64 69 6e 67 3a |accept-encoding:|
|00000020| 20 67 7a 69 70 0d 0a 75 73 65 72 2d 61 67 65 6e | gzip..user-agen|
|00000030| 74 3a 20 52 65 61 63 74 6f 72 4e 65 74 74 79 2f |t: ReactorNetty/|
|00000040| 31 2e 31 2e 31 33 0d 0a 68 6f 73 74 3a 20 6c 6f |1.1.13..host: lo|
|00000050| 63 61 6c 68 6f 73 74 3a 38 30 38 30 0d 0a 61 63 |calhost:8080..ac|
|00000060| 63 65 70 74 3a 20 2a 2f 2a 0d 0a 63 6f 6f 6b 69 |cept: */*..cooki|
|00000070| 65 3a 20 63 6f 6f 6b 69 65 31 3d 66 6f 6f 0d 0a |e: cookie1=foo..|
|00000080| 63 6f 6f 6b 69 65 3a 20 63 6f 6f 6b 69 65 32 3d |cookie: cookie2=|
|00000090| 62 61 72 0d 0a 0d 0a                            |bar....         |
+--------+-------------------------------------------------+----------------+

With JdkClientHttpConnector I see:

+--------+-------------------------------------------------+----------------+
|00000000| 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a |GET / HTTP/1.1..|
|00000010| 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 55 70 67 72 |Connection: Upgr|
|00000020| 61 64 65 2c 20 48 54 54 50 32 2d 53 65 74 74 69 |ade, HTTP2-Setti|
|00000030| 6e 67 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e |ngs..Content-Len|
|00000040| 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 6c 6f |gth: 0..Host: lo|
|00000050| 63 61 6c 68 6f 73 74 3a 38 30 38 30 0d 0a 48 54 |calhost:8080..HT|
|00000060| 54 50 32 2d 53 65 74 74 69 6e 67 73 3a 20 41 41 |TP2-Settings: AA|
|00000070| 45 41 41 45 41 41 41 41 49 41 41 41 41 42 41 41 |EAAEAAAAIAAAABAA|
|00000080| 4d 41 41 41 42 6b 41 41 51 42 41 41 41 41 41 41 |MAAABkAAQBAAAAAA|
|00000090| 55 41 41 45 41 41 0d 0a 55 70 67 72 61 64 65 3a |UAAEAA..Upgrade:|
|000000a0| 20 68 32 63 0d 0a 55 73 65 72 2d 41 67 65 6e 74 | h2c..User-Agent|
|000000b0| 3a 20 4a 61 76 61 2d 68 74 74 70 2d 63 6c 69 65 |: Java-http-clie|
|000000c0| 6e 74 2f 31 37 2e 30 2e 37 0d 0a 41 63 63 65 70 |nt/17.0.7..Accep|
|000000d0| 74 3a 20 2a 2f 2a 0d 0a 43 6f 6f 6b 69 65 3a 20 |t: */*..Cookie: |
|000000e0| 63 6f 6f 6b 69 65 31 3d 66 6f 6f 3b 63 6f 6f 6b |cookie1=foo;cook|
|000000f0| 69 65 32 3d 62 61 72 0d 0a 0d 0a                |ie2=bar....     |
+--------+-------------------------------------------------+----------------+
@sdeleuze added the status/need-triage and type/bug labels Nov 24, 2023
@sdeleuze changed the title from "Cookie handling with reactor netty does not conform to RFC 6265 when sending multiple cookies" to "Cookie handling does not conform to RFC 6265 when sending multiple cookies" Nov 24, 2023
@violetagg self-assigned this Nov 24, 2023
@violetagg removed the status/need-triage label Nov 24, 2023
@violetagg added this to the 1.0.40 milestone Nov 24, 2023
violetagg added a commit that referenced this issue Dec 6, 2023
According to RFC 6265

"When the user agent generates an HTTP request, the user agent MUST
NOT attach more than one Cookie header field."

https://datatracker.ietf.org/doc/html/rfc6265#section-5.4

Fixes #2983
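
An added example (not code from Reactor Netty or from the issue): a Python check of the RFC 6265 section 5.4 rule against request heads abbreviated from the two wire dumps above, plus a fold of repeated Cookie fields into a single field joined with "; " as in the RFC's cookie-string grammar. The function names are this example's own.

```python
"""RFC 6265 section 5.4 check on a raw HTTP/1.1 request head (added example)."""

# Request heads abbreviated from the two wire dumps in the issue (some headers omitted).
REACTOR_NETTY = (b"GET / HTTP/1.1\r\nhost: localhost:8080\r\naccept: */*\r\n"
                 b"cookie: cookie1=foo\r\ncookie: cookie2=bar\r\n\r\n")
JDK_CLIENT = (b"GET / HTTP/1.1\r\nHost: localhost:8080\r\nAccept: */*\r\n"
              b"Cookie: cookie1=foo;cookie2=bar\r\n\r\n")


def parse_head(raw: bytes):
    """Split a request into (request_line, [(name, value), ...], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head: no CRLF CRLF terminator")
    lines = head.decode("latin-1").split("\r\n")
    fields = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        fields.append((name, value.strip()))
    return lines[0], fields, body


def cookie_fields(raw: bytes):
    """Return the value of every Cookie header field, in wire order."""
    return [v for n, v in parse_head(raw)[1] if n.lower() == "cookie"]


def conforms(raw: bytes) -> bool:
    """RFC 6265 5.4: a user agent MUST NOT attach more than one Cookie field."""
    return len(cookie_fields(raw)) <= 1


def fold_cookies(raw: bytes) -> bytes:
    """Rewrite the head so all cookie-pairs sit in one field, joined by '; '."""
    request_line, fields, body = parse_head(raw)
    pairs = [p.strip() for n, v in fields if n.lower() == "cookie"
             for p in v.split(";") if p.strip()]
    out, emitted = [request_line], False
    for name, value in fields:
        if name.lower() != "cookie":
            out.append(f"{name}: {value}")
        elif not emitted:  # keep the position of the first Cookie field
            out.append(f"{name}: {'; '.join(pairs)}")
            emitted = True
    return "\r\n".join(out).encode("latin-1") + b"\r\n\r\n" + body
```
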
@violetagg linked a pull request Dec 6, 2023 that will close this issue