Merge pull request #1811 from Sebmaster/malformed-cookies

Enable loose cookie parsing in tough-cookie
request · Oct 11, 2015 · 02c4b3a · 02c4b3a
2 parents 655d05c + 488fc47
commit 02c4b3a
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 3 deletions.
diff --git a/lib/cookies.js b/lib/cookies.js
@@ -13,13 +13,13 @@ exports.parse = function(str) {
   if (typeof str !== 'string') {
     throw new Error('The cookie function only accepts STRING as param')
   }
-  return Cookie.parse(str)
+  return Cookie.parse(str, {loose: true})
 }
 
 // Adapt the sometimes-Async api of tough.CookieJar to our requirements
 function RequestJar(store) {
   var self = this
-  self._jar = new CookieJar(store)
+  self._jar = new CookieJar(store, {looseMode: true})
 }
 RequestJar.prototype.setCookie = function(cookieOrStr, uri, options) {
   var self = this

diff --git a/package.json b/package.json
@@ -32,7 +32,7 @@
     "node-uuid": "~1.4.3",
     "qs": "~5.2.0",
     "tunnel-agent": "~0.4.1",
-    "tough-cookie": "~2.1.0",
+    "tough-cookie": "~2.2.0",
     "http-signature": "~0.11.0",
     "oauth-sign": "~0.8.0",
     "hawk": "~3.1.0",

diff --git a/tests/test-cookies.js b/tests/test-cookies.js
@@ -6,11 +6,14 @@ var http = require('http')
 
 
 var validUrl = 'http://localhost:6767/valid'
+  , malformedUrl = 'http://localhost:6767/malformed'
   , invalidUrl = 'http://localhost:6767/invalid'
 
 var server = http.createServer(function (req, res) {
   if (req.url === '/valid') {
     res.setHeader('set-cookie', 'foo=bar')
+  } else if (req.url === '/malformed') {
+    res.setHeader('set-cookie', 'foo')
   } else if (req.url === '/invalid') {
     res.setHeader('set-cookie', 'foo=bar; Domain=foo.com')
   }
@@ -30,6 +33,13 @@ tape('simple cookie creation', function(t) {
   t.end()
 })
 
+tape('simple malformed cookie creation', function(t) {
+  var cookie = request.cookie('foo')
+  t.equals(cookie.key, '')
+  t.equals(cookie.value, 'foo')
+  t.end()
+})
+
 tape('after server sends a cookie', function(t) {
   var jar1 = request.jar()
   request({
@@ -50,6 +60,26 @@ tape('after server sends a cookie', function(t) {
   })
 })
 
+tape('after server sends a malformed cookie', function(t) {
+  var jar = request.jar()
+  request({
+    method: 'GET',
+    url: malformedUrl,
+    jar: jar
+  },
+  function (error, response, body) {
+    t.equal(error, null)
+    t.equal(jar.getCookieString(malformedUrl), 'foo')
+    t.equal(body, 'okay')
+
+    var cookies = jar.getCookies(malformedUrl)
+    t.equal(cookies.length, 1)
+    t.equal(cookies[0].key, '')
+    t.equal(cookies[0].value, 'foo')
+    t.end()
+  })
+})
+
 tape('after server sends a cookie for a different domain', function(t) {
   var jar2 = request.jar()
   request({