Fix #397: Allow all cookie names that conform to the RFC

- lenient flag is not needed anymore
2012-06-24 14:16:03 +09:00 · 2012-06-24 14:16:03 +09:00 · e3a8805259
commit e3a8805259
parent 9ae847c33a
3 changed files with 27 additions and 34 deletions
--- a/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java
+++ b/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java
@ -49,22 +49,19 @@ public class CookieDecoder {

    private static final String COMMA = ",";

-    private final boolean lenient;
-
    /**
-     * Creates a new decoder with strict parsing.
+     * Creates a new decoder.
     */
    public CookieDecoder() {
-        this(false);
+        super();
    }

    /**
-     * Creates a new decoder.
-     *
-     * @param lenient ignores cookies with the name 'HTTPOnly' instead of throwing an exception
+     * @deprecated Use {@link #CookieDecoder()} instead.
     */
-    public CookieDecoder(boolean lenient) {
-        this.lenient = lenient;
+    @Deprecated
+    public CookieDecoder(@SuppressWarnings("unused") boolean lenient) {
+        super();
    }

    /**
@ -105,11 +102,6 @@ public class CookieDecoder {
        Set<Cookie> cookies = new TreeSet<Cookie>();
        for (; i < names.size(); i ++) {
            String name = names.get(i);
-            // Not all user agents understand the HttpOnly attribute
-            if (lenient && CookieHeaderNames.HTTPONLY.equalsIgnoreCase(name)) {
-                continue;
-            }
-
            String value = values.get(i);
            if (value == null) {
                value = "";
--- a/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
+++ b/src/main/java/org/jboss/netty/handler/codec/http/DefaultCookie.java
@ -19,8 +19,6 @@ import java.util.Collections;
 import java.util.Set;
 import java.util.TreeSet;

-import org.jboss.netty.util.internal.CaseIgnoringComparator;
-


 /**
@ -28,22 +26,6 @@ import org.jboss.netty.util.internal.CaseIgnoringComparator;
 */
 public class DefaultCookie implements Cookie {

-    private static final Set<String> RESERVED_NAMES = new TreeSet<String>(CaseIgnoringComparator.INSTANCE);
-
-    static {
-        RESERVED_NAMES.add("Domain");
-        RESERVED_NAMES.add("Path");
-        RESERVED_NAMES.add("Comment");
-        RESERVED_NAMES.add("CommentURL");
-        RESERVED_NAMES.add("Discard");
-        RESERVED_NAMES.add("Port");
-        RESERVED_NAMES.add("Max-Age");
-        RESERVED_NAMES.add("Expires");
-        RESERVED_NAMES.add("Version");
-        RESERVED_NAMES.add("Secure");
-        RESERVED_NAMES.add("HTTPOnly");
-    }
-
    private final String name;
    private String value;
    private String domain;
@ -87,8 +69,8 @@ public class DefaultCookie implements Cookie {
            }
        }

-        if (RESERVED_NAMES.contains(name)) {
-            throw new IllegalArgumentException("reserved name: " + name);
+        if (name.charAt(0) == '$') {
+            throw new IllegalArgumentException("name starting with '$' not allowed: " + name);
        }

        this.name = name;
--- a/src/test/java/org/jboss/netty/handler/codec/http/CookieDecoderTest.java
+++ b/src/test/java/org/jboss/netty/handler/codec/http/CookieDecoderTest.java
@ -344,4 +344,23 @@ public class CookieDecoderTest {

        assertFalse(it.hasNext());
    }
+
+    @Test
+    public void testDecodingWeirdNames1() {
+        String src = "path=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.www.google.com";
+        Set<Cookie> cookies = new CookieDecoder().decode(src);
+        Cookie c = cookies.iterator().next();
+        assertEquals("path", c.getName());
+        assertEquals("", c.getValue());
+        assertEquals("/", c.getPath());
+    }
+
+    @Test
+    public void testDecodingWeirdNames2() {
+        String src = "HTTPOnly=";
+        Set<Cookie> cookies = new CookieDecoder().decode(src);
+        Cookie c = cookies.iterator().next();
+        assertEquals("HTTPOnly", c.getName());
+        assertEquals("", c.getValue());
+    }
 }