[
https://issues.apache.org/jira/browse/FELIX-6756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17933309#comment-17933309
]
Paul Rütter edited comment on FELIX-6756 at 3/7/25 1:21 PM:
------------------------------------------------------------
According to the specification:
```
if the cookie name is null or empty or contains any illegal characters (for
example, a comma, space, or semicolon) or matches a token reserved for use by
the cookie protocol
```
So this is indeed a bug in the wrapper implementation, as it doesn't take into
account the cookies that are used by the cookie protocol.
I'm not a fan of calling super with "dummy" though.
Couldn't we instead keep the current implementation, but keep a blocklist in `
CookieWrapper` of names that shouldn't be wrapped this like? Then these could
be skipped in the `wrap` method.
[~cziegeler] what do you think?
was (Author: JIRAUSER304433):
According to the specification:
```
if the cookie name is null or empty or contains any illegal characters (for
example, a comma, space, or semicolon) or matches a token reserved for use by
the cookie protocol
```
So this is indeed a bug in the wrapper implementation, as it doesn't take into
account the cookies that are used by the cookie protocol.
I'm not a fan of calling super with "dummy" though.
Couldn't we instead keep the current implementation, but keep a blocklist of
names that shouldn't be wrapped this like?
[~cziegeler] what do you think?
> Cookie name "Path" is a reserved token
> --------------------------------------
>
> Key: FELIX-6756
> URL: https://issues.apache.org/jira/browse/FELIX-6756
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.wrappers-1.1.8
> Reporter: Rob Li
> Priority: Blocker
> Attachments: changes.diff
>
>
> Hi Gurus,
> we tried migrating our felix application to using tomcat 10, had to wrap our
> org.apache.felix.http.proxy.ProxyServlet implementation with the httpwrappers:
> {code:java}
> final ProxyServlet instance = new ProxyServlet();
> try {
> instance.init(new javax.servlet.ServletConfig() {
> @Override
> public String getInitParameter(final String
> name) {
> return
> filterConfig.getInitParameter(name);
> }
> @Override
> public Enumeration getInitParameterNames() {
> return
> filterConfig.getInitParameterNames();
> }
> @Override
> public javax.servlet.ServletContext
> getServletContext() {
> return new
> ServletContextWrapper(filterConfig.getServletContext());
> }
> @Override
> public String getServletName() {
> return filterConfig.getFilterName();
> }
> });
> } catch (javax.servlet.ServletException exception) {
> throw new ServletExceptionWrapper(exception);
> }
> this.servlet = new ServletWrapper(instance); {code}
> Then I am seeing this error:
> {noformat}
> java.lang.IllegalArgumentException: Cookie name "Path" is a reserved token
> at javax.servlet.http.Cookie.<init>(Cookie.java:192)
> at
> org.apache.felix.http.javaxwrappers.CookieWrapper.<init>(CookieWrapper.java:53)
> at
> org.apache.felix.http.javaxwrappers.CookieWrapper.wrap(CookieWrapper.java:41)
> at
> org.apache.felix.http.javaxwrappers.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:59)
> at
> javax.servlet.http.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:110)
> at
> javax.servlet.http.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:110)
> at
> org.apache.felix.http.jakartawrappers.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:63)
> at
> jakarta.servlet.http.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:66)
> at
> jakarta.servlet.http.HttpServletRequestWrapper.getCookies(HttpServletRequestWrapper.java:66){noformat}
> could you please take a look? Attached please fine the diff that fixed the
> issue.
> Appreicate your help!
> Rob
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
