IdentityPython / SATOSA

Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)
https://idpy.org
Apache License 2.0

"Unknown Error" on weird cookie with space in value #468

Open prigaux opened 2 months ago

prigaux commented 2 months ago

Code Version

8.4.0

Expected Behavior

If the browser sends Cookie: foo: bar boo; SATOSA..., the cookie foo should be ignored.

Current Behavior

It fails with "Unknown error"

Possible Solution

Filter out those weird cookies on apache/nginx?

Steps to Reproduce

  1. Create a cookie with a space in value. For example using JS: document.cookie = "foo=bar boo; path=/; domain=.univ.fr"
  2. Try to log in
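
The behaviour the report expects (ignore the malformed cookie, keep the rest), as an added example that is not part of the issue or of SATOSA's code: each pair of the Cookie header is checked against the RFC 6265 cookie-pair grammar before the header is handed to Python's `http.cookies.SimpleCookie`. The cookie name `PROXY_STATE` and the function names are constructed for illustration.

```python
import re
from http.cookies import SimpleCookie

# RFC 6265 section 4.1.1: cookie-name is an HTTP token; cookie-value is
# *cookie-octet, optionally wrapped in double quotes. cookie-octet excludes
# control characters, whitespace, double quote, comma, semicolon and backslash.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_OCTETS = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"
_PAIR = re.compile(rf'({_TOKEN})=("{_OCTETS}"|{_OCTETS})')


def split_cookie_header(header):
    """Return (kept, dropped): valid (name, value) pairs and rejected raw pairs."""
    kept, dropped = [], []
    for raw in header.split(";"):
        pair = raw.strip(" \t")
        if not pair:
            continue
        m = _PAIR.fullmatch(pair)
        if m:
            kept.append((m.group(1), m.group(2)))
        else:
            # Candidates for a debug log entry; log names only, never values.
            dropped.append(pair)
    return kept, dropped


def sanitize_cookie_header(header):
    """Rebuild a Cookie header containing only the well-formed pairs."""
    kept, _ = split_cookie_header(header)
    return "; ".join(f"{name}={value}" for name, value in kept)


def load_cookies(header):
    """Parse the sanitized header with the standard library parser."""
    jar = SimpleCookie()
    jar.load(sanitize_cookie_header(header))
    return {name: morsel.value for name, morsel in jar.items()}


if __name__ == "__main__":
    # Constructed header: the issue's stray cookie plus a placeholder state cookie.
    sample = "foo=bar boo; PROXY_STATE=abc123"
    print(split_cookie_header(sample))
    print(load_cookies(sample))
```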