Set-Cookie header is changed when using foxy #14
Comments
So one of the backend devs on my team did some digging into this today. Here is what he had to say (disclaimer: I'm a FE dev and don't completely understand all of this, just wanted to pass it along as he took a pretty deep dive into the code in Python): Python 2.7.7 fixes a security issue for cookie processing. Basically invalid cookie values are stripped out from that point on. After he told me that, he went ahead and fixed it locally :) He's going to open a PR with the fix for this. You should see it shortly.
Thank you for your persistence, I will follow up asap :)
Thanks. It really slowed down people on El Capitan at work so we dug into it. Would appreciate if you could put out a new version with this fix at your earliest convenience so we don't have to keep editing our local foxy setup when we overwrite our node_modules :)
Can someone point me to a django app I can install and test this on? I have python/django already set up - so just need some sort of app with logins already set up to set this.
fixed in foxy@11.1.4
I posted this issue to browser_sync (BrowserSync/browser-sync#842) first, but then I traced it to foxy.
I am using django and proxy mode in browser sync. I noticed that after using django.contrib.messages, django.contrib.sessions stopped working (I cannot log in or send a POST request through CSRF). This is caused by django not being able to parse the message cookie, and all cookies after that. After some investigation I noticed that when django is sending:
Set-Cookie:messages="412d773c32c6c08a1d6ddf88b24bef15a1dafd91$[[\"__json_message\"\0540\05420\054\"Cofni\\u0119to publikacj\\u0119 strony \\\"Strona G\\u0142\\u00f3wna\\\" w j\\u0119zyku Polski\"]]"; httponly; Path=/
foxy is passing:
set-cookie:messages=412d773c32c6c08a1d6ddf88b24bef15a1dafd91$[[\"__json_message\"\0540\05420\054\"Cofni\\u0119to publikacj\\u0119 strony \\\"Strona G\\u0142\\u00f3wna\\\" w j\\u0119zyku Polski\"]]; Path=/; HttpOnly
As you can see, the double quotes around the actual message are missing. Probably django is not able to parse this cookie without them.
I am using foxy like that:
Also, I checked that http-proxy (without foxy) is not changing these headers and is working correctly.
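A regression check for the behaviour reported above, as an added example that is not part of the original issue or foxy's code. It assumes a proxy that only needs to drop the `Domain` attribute; `splitSetCookie`, `rewriteSetCookie`, `lossyRewrite` and `valueUnchanged` are hypothetical helper names, and the sample header is constructed.

```javascript
// Added example: hypothetical helpers, not foxy's or http-proxy's code.
// Constructed sample header in the shape of the one in the report.
const SAMPLE = String.raw`messages="abc$[[\"__json_message\"\054\"a; b\"]]"; Domain=app.example; HttpOnly; Path=/`;

// Split a Set-Cookie header into its raw name=value pair and attribute list.
// The cut is the first ';' outside double quotes, so a quoted value that
// contains ';' or escaped quotes stays in one piece.
function splitSetCookie(header) {
  let inQuotes = false;
  for (let i = 0; i < header.length; i++) {
    const c = header[i];
    if (inQuotes && c === '\\') { i++; continue; } // skip the escaped character
    if (c === '"') { inQuotes = !inQuotes; continue; }
    if (c === ';' && !inQuotes) {
      const attrs = header.slice(i + 1).split(';').map(s => s.trim()).filter(Boolean);
      return { pair: header.slice(0, i).trim(), attrs };
    }
  }
  return { pair: header.trim(), attrs: [] };
}

// Attribute-only rewrite (assumption: the proxy just needs to drop Domain).
// The name=value pair is copied through untouched, quotes included.
function rewriteSetCookie(header) {
  const { pair, attrs } = splitSetCookie(header);
  return [pair, ...attrs.filter(a => !/^domain=/i.test(a))].join('; ');
}

// Model of the reported symptom: the value is re-serialized without its
// surrounding double quotes. Illustrative only, not the actual foxy code path.
function lossyRewrite(header) {
  const { pair, attrs } = splitSetCookie(header);
  const eq = pair.indexOf('=');
  const value = pair.slice(eq + 1).replace(/^"(.*)"$/, '$1');
  return [pair.slice(0, eq) + '=' + value, ...attrs].join('; ');
}

// Regression check for a proxy test suite: the proxied header must carry
// exactly the same name=value pair as the upstream header.
function valueUnchanged(upstream, proxied) {
  return splitSetCookie(upstream).pair === splitSetCookie(proxied).pair;
}

console.log(valueUnchanged(SAMPLE, rewriteSetCookie(SAMPLE))); // true
console.log(valueUnchanged(SAMPLE, lossyRewrite(SAMPLE)));     // false
```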