Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIX] Bypass cookie validation #1

Merged
merged 1 commit into from
Jan 10, 2019
Merged

[FIX] Bypass cookie validation #1

merged 1 commit into from
Jan 10, 2019

Conversation

rodrigotomonari
Copy link

Patch for this issue: dwaite#19

Currently, cookiejar raises an exception when a cookie has an attribute/parameter that the cookiejar parser does not recognize. It also fails to parse cookies in headers if it contains unrecognized attributes. It should ignore the attribute rather than raise an exception. This is in violation of all current and former RFCs describing implementation of cookies.

irb(main):008:0> jar.set_cookie(u, 'foo=bar; RandomAttribute=1')
CookieJar::InvalidCookieError: Unknown cookie parameter 'randomattribute'

RFC 6525 4.1.2 "User agents ignore unrecognized cookie attributes (but not the entire cookie)."

RFC 2965 3.3 "The user agent MUST ignore attribute-value pairs whose attribute it does not recognize."

RFC 2109 10.1.1 "An "old" client that receives a "new" cookie will ignore attributes it does not understand; it returns what it does understand to the origin server."

@rodrigotomonari rodrigotomonari merged commit c6a5d86 into master Jan 10, 2019
tim-quigley pushed a commit that referenced this pull request Mar 22, 2022
@tim-quigley
[FIX] Bypass cookie validation (#1)
df5d4ba
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rodrigotomonari