New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie not being parsed correctly #2316
Comments
Seems to be returning nil here (HTTPHeaders+Directive.swift line 133) private func firstParameterToken() -> Substring.Index? {
for index in self.current.indices {
let character = self.current[index]
if character == .equals {
return index
} else if !character.isDirectiveKey {
return nil
}
}
return nil
} because it encounters a underscore. |
1 more thing I noticed. In the HTTPCookies initialiser: init?(directives: [HTTPHeaders.Directive]) {
self.cookies = [:]
for directive in directives {
guard let value = directive.parameter else {
return nil
}
self.cookies[.init(directive.value)] = .init(string: .init(value))
}
} on encountering a directive without param all other cookies are omitted. Is this intentional or should it just be a In this test setup: func testCookie_parsing() throws {
let headers = HTTPHeaders([
("cookie", "oauth2_authentication_csrf=MTU4NzA1MTc0N3xEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJRGs1WkRKbU1HRTVNMlF3TmpRM1lUbGhOelptTnprMU5EYzRZMlk1WkRObXx6lRdSC3-hPvE1pxp4ylFlBruOyJtRo8OnzBrAriBr0w==; vapor-session=ZFPQ46p3frNX52i3dM+JFlWbTxQX5rtGuQ5r7Gb6JUs=; oauth2_consent_csrf=MTU4NjkzNzgwMnxEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJR1ExWVRnM09USmhOamRsWXpSbU4yRmhOR1UwTW1KaU5tRXpPRGczTmpjMHweHbVecAf193ev3_1Tcf60iY9jSsq5-IQxGTyoztRTfg==")
])
XCTAssertEqual(headers.cookie?["vapor-session"]?.string, "ZFPQ46p3frNX52i3dM+JFlWbTxQX5rtGuQ5r7Gb6JUs=")
XCTAssertEqual(headers.cookie?["oauth2_authentication_csrf"]?.string, "MTU4NzA1MTc0N3xEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJRGs1WkRKbU1HRTVNMlF3TmpRM1lUbGhOelptTnprMU5EYzRZMlk1WkRObXx6lRdSC3-hPvE1pxp4ylFlBruOyJtRo8OnzBrAriBr0w==")
XCTAssertEqual(headers.cookie?["oauth2_consent_csrf"]?.string, "MTU4NjkzNzgwMnxEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJR1ExWVRnM09USmhOamRsWXpSbU4yRmhOR1UwTW1KaU5tRXpPRGczTmpjMHweHbVecAf193ev3_1Tcf60iY9jSsq5-IQxGTyoztRTfg==")
} all asserts fail. While the |
I've put up a fix here: #2317
Yeah this is intentional. If the cookie header is malformed then |
Hi,
I'm using Vapor together with ory/hydra. Which calls 1 of my endpoints with a
oauth2_authentication_csrf
cookie. In Vapor 4.0.0-rc.1 this worked perfectly however after updating to Vapor 4.1.0 the cookie is no longer parsed by Vapor.Steps to reproduce
Perform a request with this cookie header:
Expected behavior
oauth2_authentication_csrf
cookie should be present onreq.cookies
.Actual behavior
It isn't.
Environment
The text was updated successfully, but these errors were encountered: