Sdk: Cookie.fromSetCookieValue doesn't handle double quotes

Created on 4 Jun 2018  路  10Comments  路  Source: dart-lang/sdk

Hi,

I'm using the HttpClient from the dart:io package within a Flutter project. Some websites returning in the set-cookie headers, cookie values with double quotes, e.g. instagram.com if expiring cookies:
'sessionid=""; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Domain=instagram.com; Path=/'.

If calling Cookie.fromSetCookieValue with the example above, the function will throw an error: Invalid character in cookie value, code unit: '34' The value is in this case ""

I found out that the code doesn't handle double quotes. Any plans to implement this behaviour? Go has an implementation for it https://github.com/golang/go/blob/master/src/net/http/cookie.go#L369

I'm happy to contribute, if wanted.

Flutter (Channel dev, v0.5.1, on Mac OS X 10.13.4 17E199, locale de-DE)
Framework revision c7ea3ca377 (6 days ago), 2018-05-29 21:07:33 +0200
Engine revision 1ed25ca7b7
Dart version 2.0.0-dev.58.0.flutter-f981f09760

P2 area-library library-io type-bug
Source
picture tecbot
👍2

All 10 comments

Also encountered this issue with Instagram and other sites.

alexdelorenzo picture alexdelorenzo on 6 Jul 2018
👍1

Unless I am misreading RFC 6265, then a cookie-value that is enclosed in double quotes should be valid, and the current Dart SDK implementation is an oversight.

 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                     ; US-ASCII characters excluding CTLs,
                     ; whitespace DQUOTE, comma, semicolon,
                     ; and backslash
jonahwilliams picture jonahwilliams on 7 Jul 2018

Can confirm this occurs; also using Instagram.

thosakwe picture thosakwe on 27 Jul 2018

The pull request #33765 fails for cookies with empty value but no quotes:
CookieName=; expires=somedateinthepast

Sense545 picture Sense545 on 24 Jan 2019

This is related to commit https://github.com/dart-lang/sdk/commit/a9ad427ea22ad81c9a06c4c35c04c1ab029c08df

@zanderso thoughts?

kevmoo picture kevmoo on 24 Jan 2019

I put up a fix at https://dart-review.googlesource.com/c/sdk/+/91221

sortie picture sortie on 25 Jan 2019

@sortie any updates on this? Was your review ever merged in?

stuartsoft picture stuartsoft on 10 May 2019

Hi @stuartsoft. Nope, the changelist is still in review. I have approval but I wanted to take a final look before finishing it up. Unfortunately I got sidetracked with some other important tasks, but I'll try to get back to this soon.

sortie picture sortie on 10 May 2019

The fix in https://github.com/dart-lang/sdk/commit/a9ad427ea22ad81c9a06c4c35c04c1ab029c08df stripped double quotes instead of preserving them as part of the value. I'm working on a fix to preserve the double quotes as part of the value instead of being considered an encoding.

sortie picture sortie on 22 May 2019

I've now landed the fix that preserves the double quotes as part of the value instead of stripping them.

sortie picture sortie on 23 May 2019
🚀1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Hixie picture Hixie  路  3Comments
ranquild picture ranquild  路  3Comments
brooth picture brooth  路  3Comments
jmesserly picture jmesserly  路  3Comments
gspencergoog picture gspencergoog  路  3Comments