IdentityPython / SATOSA

Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)
https://idpy.org
Apache License 2.0

"Unknown Error" on weird cookie with space in value #468

Open prigaux opened 5 months ago

prigaux commented 5 months ago

Code Version

8.4.0

Expected Behavior

If the browser sends Cookie: foo: bar boo; SATOSA..., the cookie foo should be ignored.

Current Behavior

It fails with "Unknown error"

Possible Solution

Filter out those weird cookies on apache/nginx?

Steps to Reproduce

  1. Create a cookie with a space in the value. For example using JS: document.cookie = "foo=bar boo; path=/; domain=.univ.fr"
  2. Try to log in

prigaux commented 2 months ago

To help users, we added the following on our rev-proxy:

        proxy_set_header Accept-Encoding "";
        subs_filter "^Unknown error$" "Il semble que vous ayez un cookie &eacute;trange mal g&eacute;r&eacute;, veuillez aller sur notre <a href='https://browser-diagnostic.univ-paris1.fr/'>outil de diagnostic</a>." r;

together with the following https://github.com/UnivParis1/browser-diagnostic/commit/50455e3aad6551f6ffa45976cb0cd77be77519cf
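
The "Possible Solution" in the report (filter out the malformed cookies before they reach the application) can also be done in Python in front of the app. The sketch below is an added example, not code from SATOSA or from the reporter: it assumes the proxy runs as a WSGI application, and `filter_cookie_header` and `CookieFilterMiddleware` are hypothetical names. It keeps only cookie pairs that match the RFC 6265 grammar and logs the names of the ones it drops.

```python
import re

# RFC 6265 section 4.1.1: cookie-name is a token; cookie-value is a run of
# cookie-octets (no whitespace, DQUOTE, comma, semicolon or backslash),
# optionally wrapped in double quotes.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_OCTETS = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"
_PAIR = re.compile(rf'{_TOKEN}=(?:"{_OCTETS}"|{_OCTETS})')


def filter_cookie_header(header):
    """Return (clean_header, dropped_names), keeping only well-formed pairs."""
    kept, dropped = [], []
    for part in header.split(";"):
        pair = part.strip(" \t")
        if not pair:
            continue
        if _PAIR.fullmatch(pair):
            kept.append(pair)
        else:
            # Record only the name: cookie values may be secrets.
            dropped.append(pair.split("=", 1)[0].strip())
    return "; ".join(kept), dropped


class CookieFilterMiddleware:
    """WSGI wrapper that sanitises HTTP_COOKIE before the wrapped app runs."""

    def __init__(self, app, log=print):
        self.app = app
        self.log = log

    def __call__(self, environ, start_response):
        raw = environ.get("HTTP_COOKIE")
        if raw is not None:
            clean, dropped = filter_cookie_header(raw)
            if dropped:
                # %r escapes control characters in attacker-supplied names.
                self.log("dropped malformed cookies: %r" % dropped)
            environ["HTTP_COOKIE"] = clean
        return self.app(environ, start_response)
```

The grammar is strict: a cookie set by another application on the same parent domain with a space or comma in its value is dropped, which is the behaviour the report asks for.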