From 488fc477127973dcad30677e0cee053ff036f4d7 Mon Sep 17 00:00:00 2001
From: Sebastian Mayr <sebastian@trello.com>
Date: Sat, 3 Oct 2015 20:00:40 +0200
Subject: [PATCH] Enable loose cookie parsing in tough-cookie

tough-cookie 2.1.0 got a loose cookie mode which is more how browsers actually behave. It implies an empty key for value-only cookies.
---
 lib/cookies.js        |  4 ++--
 package.json          |  2 +-
 tests/test-cookies.js | 30 ++++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/lib/cookies.js b/lib/cookies.js
index adde7c601..412c07d63 100644
--- a/lib/cookies.js
+++ b/lib/cookies.js
@@ -13,13 +13,13 @@ exports.parse = function(str) {
   if (typeof str !== 'string') {
     throw new Error('The cookie function only accepts STRING as param')
   }
-  return Cookie.parse(str)
+  return Cookie.parse(str, {loose: true})
 }
 
 // Adapt the sometimes-Async api of tough.CookieJar to our requirements
 function RequestJar(store) {
   var self = this
-  self._jar = new CookieJar(store)
+  self._jar = new CookieJar(store, {looseMode: true})
 }
 RequestJar.prototype.setCookie = function(cookieOrStr, uri, options) {
   var self = this
diff --git a/package.json b/package.json
index 47cf13e36..bd23acdef 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "node-uuid": "1.4.3",
     "qs": "5.1.0",
     "tunnel-agent": "0.4.1",
-    "tough-cookie": "2.1.0",
+    "tough-cookie": "2.2.0",
     "http-signature": "0.11.0",
     "oauth-sign": "0.8.0",
     "hawk": "3.1.0",
diff --git a/tests/test-cookies.js b/tests/test-cookies.js
index cf8de5cf9..7014935f0 100644
--- a/tests/test-cookies.js
+++ b/tests/test-cookies.js
@@ -6,11 +6,14 @@ var http = require('http')
 
 
 var validUrl = 'http://localhost:6767/valid'
+  , malformedUrl = 'http://localhost:6767/malformed'
   , invalidUrl = 'http://localhost:6767/invalid'
 
 var server = http.createServer(function (req, res) {
   if (req.url === '/valid') {
     res.setHeader('set-cookie', 'foo=bar')
+  } else if (req.url === '/malformed') {
+    res.setHeader('set-cookie', 'foo')
   } else if (req.url === '/invalid') {
     res.setHeader('set-cookie', 'foo=bar; Domain=foo.com')
   }
@@ -30,6 +33,13 @@ tape('simple cookie creation', function(t) {
   t.end()
 })
 
+tape('simple malformed cookie creation', function(t) {
+  var cookie = request.cookie('foo')
+  t.equals(cookie.key, '')
+  t.equals(cookie.value, 'foo')
+  t.end()
+})
+
 tape('after server sends a cookie', function(t) {
   var jar1 = request.jar()
   request({
@@ -50,6 +60,26 @@ tape('after server sends a cookie', function(t) {
   })
 })
 
+tape('after server sends a malformed cookie', function(t) {
+  var jar = request.jar()
+  request({
+    method: 'GET',
+    url: malformedUrl,
+    jar: jar
+  },
+  function (error, response, body) {
+    t.equal(error, null)
+    t.equal(jar.getCookieString(malformedUrl), 'foo')
+    t.equal(body, 'okay')
+
+    var cookies = jar.getCookies(malformedUrl)
+    t.equal(cookies.length, 1)
+    t.equal(cookies[0].key, '')
+    t.equal(cookies[0].value, 'foo')
+    t.end()
+  })
+})
+
 tape('after server sends a cookie for a different domain', function(t) {
   var jar2 = request.jar()
   request({