
Commit 6fb830a

fix: invalid cookie parsing
1 parent c1549aa commit 6fb830a


2 files changed

+59
-1
lines changed

2 files changed

+59
-1
lines changed

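--- a/__tests__/cookies.unit.js
+++ b/__tests__/cookies.unit.js
@@ -299,6 +299,39 @@ describe('Cookie Tests:', function() {
 })
 }) // end it
 
+/**
+* There is no definitive standard on what the cookie value can contain.
+* The most restrictive definition I could find comes from Safari which only supports
+* the ASCII character set, excluding semi-colon, comma, backslash, and white space.
+*
+* The % character is also ambiguous, as it is used as part of the URL encoded scheme. For the purpose of this test, we will leave this character out.
+*
+* @see {@link https://stackoverflow.com/a/1969339 | This StackOverflow answer which provides more context regarding the cookie value}
+*/
+it('Parse cookie with the entire supported set of ASCII characters', async function() {
+let asciiCharacterSet = ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
+
+asciiCharacterSet =
+asciiCharacterSet.replace(' ', '')
+.replace(';', '')
+.replace(',', '')
+.replace('/', '')
+.replace('%', '');
+
+let _event = Object.assign({},event,{
+path: '/cookieParse',
+multiValueHeaders: {
+cookie: [`test=${asciiCharacterSet}`]
+}
+})
+let result = await new Promise(r => api.run(_event,{},(e,res) => { r(res) }))
+expect(JSON.parse(result.body)).toEqual({
+cookies: {
+test: asciiCharacterSet,
+},
+})
+}) // end it
+
 it('Parse & decode two cookies', async function() {
 let _event = Object.assign({},event,{
 path: '/cookieParse',
@@ -330,6 +363,31 @@ describe('Cookie Tests:', function() {
 })
 }) // end it
 
+it('Parse & decode multiple cookies with the entire supported set of ASCII characters', async function() {
+let asciiCharacterSet = ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
+
+asciiCharacterSet =
+asciiCharacterSet.replace(' ', '')
+.replace(';', '')
+.replace(',', '')
+.replace('/', '')
+.replace('%', '');
+
+let _event = Object.assign({},event,{
+path: '/cookieParse',
+multiValueHeaders: {
+cookie: [`test=${asciiCharacterSet}; test2=${asciiCharacterSet}`]
+}
+})
+let result = await new Promise(r => api.run(_event,{},(e,res) => { r(res) }))
+expect(JSON.parse(result.body)).toEqual({
+cookies: {
+test: asciiCharacterSet,
+test2: asciiCharacterSet,
+},
+})
+}) // end it
+
 }) // end parse tests
 
 describe("Clear", function() {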
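Review bot: The doc comment above the first new test lists backslash among the excluded characters, but the filter strips the forward slash (`.replace('/', '')`) and leaves `\\` in `asciiCharacterSet`, so the test does not cover the set it documents; the second new test repeats the same filter. Either the comment should say forward slash and why it is dropped, or the call should be `.replace('\\', '')`. Both tests also remove `%`, which leaves the `decodeURIComponent` call in `lib/request.js` untested for values containing a percent sign that is not a valid escape; a third case pinning the expected result for such a value would close that gap. The character-set setup is duplicated verbatim and could move to one shared constant in the enclosing `describe`, which starts outside the hunk.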

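--- a/lib/request.js
+++ b/lib/request.js
@@ -163,7 +163,7 @@ class REQUEST {
 this.cookies = cookies.reduce((acc, cookie) => {
 cookie = cookie.trim().split('=');
 return Object.assign(acc, {
-[cookie[0]]: UTILS.parseBody(decodeURIComponent(cookie[1])),
+[cookie[0]]: UTILS.parseBody(decodeURIComponent(cookie.slice(1).join('='))),
 });
 }, {});
 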
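Review bot: `decodeURIComponent` on new line 166 is applied to the client-supplied cookie value and throws `URIError` when the value holds a `%` that does not start a valid escape; no handler is visible in this hunk, so a single malformed Cookie header could abort request parsing instead of yielding a cookie. The enclosing method of `REQUEST` starts and ends outside the hunk, so a catch further out cannot be ruled out. A local fallback keeps the raw value: `const raw = cookie.slice(1).join('=');` then `let value; try { value = decodeURIComponent(raw); } catch (e) { value = raw; }` and `[cookie[0]]: UTILS.parseBody(value),`. The tests added in this commit strip `%` from their input, so this path is currently unpinned.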
