olegk       2004/01/06 14:10:44

  Modified:    httpclient/src/java/org/apache/commons/httpclient/cookie
                        CookieSpecBase.java
               httpclient/src/test/org/apache/commons/httpclient
                        TestCookie.java
  Log:
  PR #25264 (Cookie rejected)
  
  Fixes the problem that causes rejection of cookies with a domain attribute 
'.domain.com' issued by host 'domain.com' in the browser compatibility mode. Even 
though such a cookie violates RFC 2109, it is still accepted by mainstream browsers 
(tested with Mozilla Firebird and IE).
  
  Contributed by Oleg Kalnichevski
  
  Revision  Changes    Path
  1.21      +12 -6     
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java
  
  Index: CookieSpecBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- CookieSpecBase.java       2 Nov 2003 18:18:30 -0000       1.20
  +++ CookieSpecBase.java       6 Jan 2004 22:10:44 -0000       1.21
  @@ -428,9 +428,15 @@
   
               // domain must match host
               if (!host.endsWith(cookie.getDomain())) {
  -                throw new MalformedCookieException(
  -                    "Illegal domain attribute \"" + cookie.getDomain() 
  -                    + "\". Domain of origin: \"" + host + "\"");
  +                String s = cookie.getDomain();
  +                if (s.startsWith(".")) {
  +                    s = s.substring(1, s.length());
  +                }
  +                if (!host.equals(s)) { 
  +                    throw new MalformedCookieException(
  +                        "Illegal domain attribute \"" + cookie.getDomain() 
  +                        + "\". Domain of origin: \"" + host + "\"");
  +                }
               }
           } else {
               if (!host.equals(cookie.getDomain())) {
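Review bot: The new fallback inside `if (!host.endsWith(cookie.getDomain()))` has no comment saying that it deliberately accepts an RFC 2109 violation, and only for an exact host match, even though this is the check that decides which hosts may set a cookie for a domain. I would put `// Browser compatibility: accept ".domain.com" set by host "domain.com"; anything else is still rejected` above `String s = cookie.getDomain();`, and `s.substring(1, s.length())` can simply be `s.substring(1)`. The outer `endsWith` on the unchanged line is a plain string suffix test, so it respects label boundaries only if the domain attribute is guaranteed to start with a dot. Nothing in the hunk shows that guarantee, and the enclosing method starts and ends outside the hunk, so it is worth confirming there.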
  
  
  
  1.27      +28 -4     
jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java
  
  Index: TestCookie.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- TestCookie.java   2 Nov 2003 18:18:30 -0000       1.26
  +++ TestCookie.java   6 Jan 2004 22:10:44 -0000       1.27
  @@ -1048,5 +1048,29 @@
           assertEquals("b,c", cookies[0].getValue());
       }
   
  +    
  +    /**
  +     * Tests if that invalid second domain level cookie gets 
  +     * rejected in the strict mode, but gets accepted in the
  +     * browser compatibility mode.
  +     */
  +    public void testSecondDomainLevelCookie() throws Exception {
  +        Cookie cookie = new Cookie(".sourceforge.net", "name", null, "/", null, 
false); 
  +        cookie.setDomainAttributeSpecified(true);
  +        cookie.setPathAttributeSpecified(true);
  +
  +        CookieSpec parser = null;
  +
  +        parser = CookiePolicy.getCookieSpec(CookiePolicy.BROWSER_COMPATIBILITY);
  +        parser.validate("sourceforge.net", 80, "/", false, cookie);
  +
  +        parser = CookiePolicy.getCookieSpec(CookiePolicy.RFC_2109);
  +        try {
  +            parser.validate("sourceforge.net", 80, "/", false, cookie);
  +            fail("MalformedCookieException should have been thrown");
  +        } catch (MalformedCookieException e) {
  +            // Expected
  +        }
  +    }
   }
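Review bot: `testSecondDomainLevelCookie` checks only that the relaxed rule accepts the cookie in browser compatibility mode; it never checks that the same `.sourceforge.net` cookie is still rejected in that mode when the request host is a different one, which is the property that keeps the relaxation narrow. I would add a negative case right after the first `validate` call, as in the block below (the host name there is a constructed sample). The Javadoc opening "Tests if that invalid second domain level cookie" would also read better as "Tests that an invalid second-level domain cookie".

```java
parser = CookiePolicy.getCookieSpec(CookiePolicy.BROWSER_COMPATIBILITY);
parser.validate("sourceforge.net", 80, "/", false, cookie);
try {
    // constructed sample host: not the cookie's domain, must still be rejected
    parser.validate("other-host.example", 80, "/", false, cookie);
    fail("MalformedCookieException should have been thrown");
} catch (MalformedCookieException e) {
    // Expected
}
// … unchanged: RFC_2109 rejection check …
```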
   
  
  
  
