New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Case insensitive cookie domain #158

Closed
ondrap opened this Issue Sep 17, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@ondrap
Contributor

ondrap commented Sep 17, 2015

I'm implementing some service with 'so-called' enterprise CAS authentication... anyway, the process goes through several 302-type redirects and cookie settings on the way. Some of the URLs in the Location are uppercase (great Windows systems...), so the domain part of the Cookie ends up being uppercase. When I next issue another statement to the lowercase domain, the cookie is not sent. Shouldn't the cookies (or the domainMatches) be case insensitive on the domain name? IMO DNS names generally should be treated as ASCII case insensitive.

On a related note: when some redirects happen during a request, is there a way to extract the last request that lead to the response?

@snoyberg

This comment has been minimized.

Show comment
Hide comment
@snoyberg

snoyberg Sep 18, 2015

Owner

Check out withReaponseHistory for getting intermediate requests.

I agree, domain name handling should be case insensitive. I haven't touched
that code myself, but I doubt that should be too difficult to change.
Interested in taking a stab at a PR?

On Thu, Sep 17, 2015, 10:03 PM Ondrej Palkovsky notifications@github.com
wrote:

I'm implementing some service with 'so-called' enterprise CAS
authentication... anyway, the process goes through sever 302-type redirects
and cookie settings on the way. Some of the URLs in the Location are
uppercase (great Windows systems...), so the domain part of the Cookie
ends up being uppercase. When I next issue another statement to the
lowercase domain, the cookie is not sent. Shouldn't the cookies (or the
domainMatches) be case insensitive on the domain name? IMO DNS names
generally should be treated as ASCII case insensitive.

On a related note: when some redirects happen during a request, is there a
way to extract the last request that lead to the response?


Reply to this email directly or view it on GitHub
#158.

Owner

snoyberg commented Sep 18, 2015

Check out withReaponseHistory for getting intermediate requests.

I agree, domain name handling should be case insensitive. I haven't touched
that code myself, but I doubt that should be too difficult to change.
Interested in taking a stab at a PR?

On Thu, Sep 17, 2015, 10:03 PM Ondrej Palkovsky notifications@github.com
wrote:

I'm implementing some service with 'so-called' enterprise CAS
authentication... anyway, the process goes through sever 302-type redirects
and cookie settings on the way. Some of the URLs in the Location are
uppercase (great Windows systems...), so the domain part of the Cookie
ends up being uppercase. When I next issue another statement to the
lowercase domain, the cookie is not sent. Shouldn't the cookies (or the
domainMatches) be case insensitive on the domain name? IMO DNS names
generally should be treated as ASCII case insensitive.

On a related note: when some redirects happen during a request, is there a
way to extract the last request that lead to the response?


Reply to this email directly or view it on GitHub
#158.

@ondrap

This comment has been minimized.

Show comment
Hide comment
@ondrap

ondrap Sep 18, 2015

Contributor

Ok, I will try to make one. It seems to me the best way would be changing the type to cookieDomain :: CI ByteString from case-insensitive. Is that OK or would you rather not change the type?

Contributor

ondrap commented Sep 18, 2015

Ok, I will try to make one. It seems to me the best way would be changing the type to cookieDomain :: CI ByteString from case-insensitive. Is that OK or would you rather not change the type?

@snoyberg

This comment has been minimized.

Show comment
Hide comment
@snoyberg

snoyberg Sep 18, 2015

Owner

I'd rather avoid a breaking change

On Fri, Sep 18, 2015, 9:13 AM Ondrej Palkovsky notifications@github.com
wrote:

Ok, I will try to make one. It seems to me the best way would be changing
the type to cookieDomain :: CI ByteString from case-insensitive. Is that
OK or would you rather not change the type?


Reply to this email directly or view it on GitHub
#158 (comment)
.

Owner

snoyberg commented Sep 18, 2015

I'd rather avoid a breaking change

On Fri, Sep 18, 2015, 9:13 AM Ondrej Palkovsky notifications@github.com
wrote:

Ok, I will try to make one. It seems to me the best way would be changing
the type to cookieDomain :: CI ByteString from case-insensitive. Is that
OK or would you rather not change the type?


Reply to this email directly or view it on GitHub
#158 (comment)
.

@snoyberg

This comment has been minimized.

Show comment
Hide comment
@snoyberg

snoyberg Sep 18, 2015

Owner

PR merged, thanks!

Owner

snoyberg commented Sep 18, 2015

PR merged, thanks!

@snoyberg snoyberg closed this Sep 18, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment