Ensure some cookies don't cause failure #1645
Conversation
lib/rack/mock.rb
Outdated
| @@ -257,7 +257,7 @@ def identify_cookie_attributes(cookie_filling) | |||
| cookie_bits.each do |bit| | |||
| if bit.include? '=' | |||
| cookie_attribute, attribute_value = bit.split('=') | |||
There was a problem hiding this comment.
Would it make mores sense to use split('=', 2)?
There was a problem hiding this comment.
Yes, also works. Either way, the results of this function are discarded other than for these areas:
https://github.com/rack/rack/pull/1645/files#diff-4fc9bc1f7d91630f4f9f47fc6663f3f7L240-L245
It is probably incorrect to assume '=' is a divider.
A third option is not to process the first element of the cookie_bits array at all, since this is the value. So cookie_bits[1..].each do |bit|.
Fourth option, do both since the value could possibly also contain '='.
|
BTW: the build failures appear to be due to this: rubygems/rubygems#3570 |
Co-authored-by: Aaron Patterson <aaron.patterson@gmail.com>
Done in c17569c. Thanks! |
Cookies can on occasion have base 64 encoded strings as their value. Base 64 encoded strings tend to end in '=' as this is a filler character. Cookies of this form cause rack to fail.
An example is
__cf_bm=_somebase64encodedstringwithequalsatthened=; array=awesome.This fixes the bug.
Alternative approach would be that in the function I've patched, to only parse the headers required in the enclosing function.