[jira] [Commented] (MRESOLVER-574) Invalid Cookie set under proxy conditions

Wed, 26 Jun 2024 03:17:03 -0700 


    [ 
https://issues.apache.org/jira/browse/MRESOLVER-574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17860112#comment-17860112
 ] 

Tamas Cservenak commented on MRESOLVER-574:
-------------------------------------------

Thanks for your issue!

So it seems that apache transport (was renamed in Resolver 2.0.0) uses default 
cookie spec, that should not be the case? We may want to review other HTTP 
transports as well in this regard (as Resolver 2.0.0 got multitude of other 
HTTP transports like Jetty and Java11+ HttpClient ones)...

> Invalid Cookie set under proxy conditions
> -----------------------------------------
>
>                 Key: MRESOLVER-574
>                 URL: https://issues.apache.org/jira/browse/MRESOLVER-574
>             Project: Maven Resolver
>          Issue Type: Bug
>          Components: Resolver
>    Affects Versions: 1.9.20
>         Environment: Mac OS Sonoma with ZScaler proxy
>            Reporter: Helio Chissini de Castro
>            Priority: Minor
>
> We use a compliance OSS tool called [OSS Review 
> Toolkit|http://github.com/oss-review-toolkit/ort] that make usage of resolver 
> library to access artifacts described in a input document.
> Under regular open network, as example github CI/CD workflow, everything 
> works fine.
> But when under proxy environment, most specific main test over Mac zscaler, 
> it causes a warning that not prevent the operation, but can raise some flags. 
> It's described here:
> {code:java}
> 09:35:04.112 [DefaultDispatcher-worker-1] WARN  
> org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie 
> header: "Set-Cookie: <REDACTED>; Expires=Wed, 03 Jul 2024 07:35:03 GMT; 
> Path=/". Invalid 'expires' attribute: Wed, 03 Jul 2024 07:35:03 GMT
> 09:35:04.113 [DefaultDispatcher-worker-1] WARN  
> org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie 
> header: "Set-Cookie: AWSALBCORS=<REDACTED>; Expires=Wed, 03 Jul 2024 07:35:03 
> GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Wed, 03 Jul 
> 2024 07:35:03 GMT{code}
> After we cleared that was not direct Ort issue, next possible assumption was 
> resolver library.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to