Set-Cookie header is changed when using foxy #14

Closed
maciej-pawlisz opened this issue Oct 3, 2015 · 6 comments

@maciej-pawlisz

I posted this issue to browser_sync (BrowserSync/browser-sync#842) first, but then I traced it to foxy.
I am using Django and proxy mode in BrowserSync. I noticed that after using django.contrib.messages, django.contrib.sessions stopped working (I cannot log in or send a POST request through CSRF). This is caused by Django not being able to parse the message cookie, and all cookies after it. After some investigation I noticed that when Django is sending:
Set-Cookie:messages="412d773c32c6c08a1d6ddf88b24bef15a1dafd91$[[\"__json_message\"\0540\05420\054\"Cofni\\u0119to publikacj\\u0119 strony \\\"Strona G\\u0142\\u00f3wna\\\" w j\\u0119zyku Polski\"]]"; httponly; Path=/
foxy is passing:
set-cookie:messages=412d773c32c6c08a1d6ddf88b24bef15a1dafd91$[[\"__json_message\"\0540\05420\054\"Cofni\\u0119to publikacj\\u0119 strony \\\"Strona G\\u0142\\u00f3wna\\\" w j\\u0119zyku Polski\"]]; Path=/; HttpOnly
As you can see, the double quotes around the actual message are missing. Django is probably not able to parse this cookie without them.
I am using foxy like this:

var foxy = require('foxy');
// Proxy http://localhost:8001 and listen on port 8002
var proxy = foxy('http://localhost:8001').listen(8002);

I also checked that http-proxy (without foxy) does not change these headers and works correctly.
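
A regression check for the behaviour reported above, as an added example that is not code from foxy or from anyone in this thread: it compares an upstream Set-Cookie header with the proxied one, ignoring attribute order and case while flagging a changed value. The function names, finding labels and shortened sample headers are constructed for illustration.

```javascript
// Split one Set-Cookie header into name, raw value and normalized attributes.
function parseSetCookie(header) {
  const eq = header.indexOf('=');
  if (eq < 1) throw new Error('no cookie name: ' + header);
  let i = eq + 1;
  if (header[i] === '"') {
    // Quoted value: read to the closing quote, skipping backslash escapes.
    i++;
    while (i < header.length && header[i] !== '"') i += header[i] === '\\' ? 2 : 1;
    i++;
  } else {
    // Bare value: ends at the first semicolon.
    while (i < header.length && header[i] !== ';') i++;
  }
  const attrs = header.slice(i).split(';').map(a => a.trim()).filter(Boolean)
    .map(a => {
      // Attribute names are case-insensitive; attribute values are kept as sent.
      const [k, ...v] = a.split('=');
      return v.length ? k.toLowerCase() + '=' + v.join('=') : k.toLowerCase();
    })
    .sort();
  return { name: header.slice(0, eq).trim(), value: header.slice(eq + 1, i), attrs };
}

// Report what a proxy changed. Attribute order and case are not findings.
function compareSetCookie(upstream, proxied) {
  const a = parseSetCookie(upstream);
  const b = parseSetCookie(proxied);
  const findings = [];
  if (a.name !== b.name) findings.push('name-changed');
  if (a.value !== b.value) {
    const inner = /^".*"$/.test(a.value) ? a.value.slice(1, -1) : null;
    findings.push(inner === b.value ? 'quotes-stripped' : 'value-changed');
    // A bare value holding " or \ is outside the RFC 6265 cookie-octet set.
    if (/["\\]/.test(b.value) && !b.value.startsWith('"')) findings.push('bare-value-has-quote-or-backslash');
  }
  if (a.attrs.join(';') !== b.attrs.join(';')) findings.push('attributes-changed');
  return findings;
}

// Constructed headers, shortened from the shape of the ones quoted in the issue.
const UPSTREAM = String.raw`messages="abc123$[[\"__json_message\"\0540\05420\054\"hi\"]]"; httponly; Path=/`;
const PROXIED = String.raw`messages=abc123$[[\"__json_message\"\0540\05420\054\"hi\"]]; Path=/; HttpOnly`;
const REORDERED = String.raw`messages="abc123$[[\"__json_message\"\0540\05420\054\"hi\"]]"; Path=/; HttpOnly`;

console.log(compareSetCookie(UPSTREAM, PROXIED));
console.log(compareSetCookie(UPSTREAM, REORDERED));
```

An empty result means the proxy only reordered or re-cased attributes; any value finding means the backend receives a different cookie from the one it issued.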

@reintroducing

So one of the backend devs on my team did some digging into this today. Here is what he had to say (disclaimer: I'm an FE dev and don't completely understand all of this, just wanted to pass it along as he took a pretty deep dive into the code in Python):

Python 2.7.7 fixes a security issue for cookie processing. Basically invalid cookie values are stripped out from that point on.
C packages will not build on El Capitan in Python 2.7.6 or below.
So you can’t install our requirements with Python 2.7.6 or below.
Basically the proxy BrowserSync uses is munging the cookies and they can’t be processed on Python’s side.
So what it comes down to is that foxy shouldn’t be messing with the cookies, but it is.
No way around on El Capitan but to fix foxy.

After he told me that, he went ahead and fixed it locally :) He's going to open a PR with the fix for this. You should see it shortly.

@shakyShane
Owner

Thank you for your persistence, I will follow up asap :)

@reintroducing

Thanks. It really slowed down people on El Capitan at work so we dug into it. Would appreciate if you could put out a new version with this fix at your earliest convenience so we don't have to keep editing our local foxy setup when we overwrite our node_modules :)

@shakyShane
Owner

#15 (comment)

@shakyShane
Owner

Can someone point me to a Django app I can install and test this on? I have Python/Django already set up - so just need some sort of app with logins already set up to set this

@shakyShane
Owner

fixed in foxy@11.1.4
