Skip to content

Commit b2eb0a2

Browse files
qgolsteynqgolsteyn
authored
fix: resolve invalid cookie parsing when using = in value
1 parent c1549aa commit b2eb0a2

File tree

2 files changed

+61
-1
lines changed

2 files changed

+61
-1
lines changed

__tests__/cookies.unit.js

+58
Original file line numberDiff line numberDiff line change
@@ -299,6 +299,39 @@ describe('Cookie Tests:', function() {
299299
})
300300
}) // end it
301301

302+
/**
303+
* There is no definitive standard on what the cookie value can contain.
304+
* The most restrictive definition I could find comes from Safari which only supports
305+
* the ASCII character set, excluding semi-colon, comma, backslash, and white space.
306+
*
307+
* The % character is also ambiguous, as it is used as part of the URL encoded scheme. For the purpose of this test, we will leave this character out.
308+
*
309+
* @see {@link https://stackoverflow.com/a/1969339 | This StackOverflow answer which provides more context regarding the cookie value}
310+
*/
311+
it('Parse cookie with the entire supported set of ASCII characters', async function() {
312+
let asciiCharacterSet = ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
313+
314+
asciiCharacterSet =
315+
asciiCharacterSet.replace(' ', '')
316+
.replace(';', '')
317+
.replace(',', '')
318+
.replace('/', '')
319+
.replace('%', '');
320+
321+
let _event = Object.assign({},event,{
322+
path: '/cookieParse',
323+
multiValueHeaders: {
324+
cookie: [`test=${asciiCharacterSet}`]
325+
}
326+
})
327+
let result = await new Promise(r => api.run(_event,{},(e,res) => { r(res) }))
328+
expect(JSON.parse(result.body)).toEqual({
329+
cookies: {
330+
test: asciiCharacterSet,
331+
},
332+
})
333+
}) // end it
334+
302335
it('Parse & decode two cookies', async function() {
303336
let _event = Object.assign({},event,{
304337
path: '/cookieParse',
@@ -330,6 +363,31 @@ describe('Cookie Tests:', function() {
330363
})
331364
}) // end it
332365

366+
it('Parse & decode multiple cookies with the entire supported set of ASCII characters', async function() {
367+
let asciiCharacterSet = ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
368+
369+
asciiCharacterSet =
370+
asciiCharacterSet.replace(' ', '')
371+
.replace(';', '')
372+
.replace(',', '')
373+
.replace('/', '')
374+
.replace('%', '');
375+
376+
let _event = Object.assign({},event,{
377+
path: '/cookieParse',
378+
multiValueHeaders: {
379+
cookie: [`test=${asciiCharacterSet}; test2=${asciiCharacterSet}`]
380+
}
381+
})
382+
let result = await new Promise(r => api.run(_event,{},(e,res) => { r(res) }))
383+
expect(JSON.parse(result.body)).toEqual({
384+
cookies: {
385+
test: asciiCharacterSet,
386+
test2: asciiCharacterSet,
387+
},
388+
})
389+
}) // end it
390+
333391
}) // end parse tests
334392

335393
describe("Clear", function() {

lib/request.js

+3-1
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,9 @@ class REQUEST {
163163
this.cookies = cookies.reduce((acc, cookie) => {
164164
cookie = cookie.trim().split('=');
165165
return Object.assign(acc, {
166-
[cookie[0]]: UTILS.parseBody(decodeURIComponent(cookie[1])),
166+
[cookie[0]]: UTILS.parseBody(
167+
decodeURIComponent(cookie.slice(1).join('='))
168+
),
167169
});
168170
}, {});
169171

0 commit comments

Comments
 (0)