Split cookies on semicolons, when followed by valid cookie characters #12
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The fixes proposed in #9 were addressed instead via e8289f8, but the following error continues to appear intermittently as of
reqres
0.2.3.9000:The proposed change is to initially parse the cookie string via
stri_split_regex
instead ofstri_split_fixed
, with splitting only performed on;
if followed by a valid cookie character (as defined in RFC 6265).Internally we have also identified a potential issue with handling of nameless cookies -- those with valid values but no names, as described here: httpwg/http-extensions#159.
This arises because splitting on the name/value pairs in this case results in an attribute vector for the
names
object whose length is odd (see L441, of theparse_cookies
function, paraphrased here):The end result is that
c("", "foo")
is passed vianames
, but only the second name is valid since the first is dropped.Our temporary fix was to drop nameless cookies, but it's probably preferable to retain them since IE, Chrome and Firefox treat them as valid.