search

Kong / unirest-java

Unirest in Java: Simplified, lightweight HTTP client library.
http://kong.github.io/unirest-java/
MIT License
2.58k stars 591 forks source link

Cookie expiry date invalid format #457

Closed Rakambda closed 1 year ago

Rakambda commented 1 year ago

Describe the bug I have a case where a user has his locale set into Chinese, and when I try to set a cookie with an expiry date, it fails verification (in JDK) because some characters are invalid (the Chinese ones).

Caused by: java.lang.IllegalArgumentException: invalid header value: "NNNNNN=XXXXXXXXX;Path=/;Domain=.whatever.com;Expires=週二, 12-12月-2023 04:53:24 HKT;Secure"
    at jdk.internal.net.http.common.Utils.newIAE(Utils.java:286) ~[java.net.http:?]
    at jdk.internal.net.http.HttpRequestBuilderImpl.checkNameAndValue(HttpRequestBuilderImpl.java:113) ~[java.net.http:?]
    at jdk.internal.net.http.HttpRequestBuilderImpl.header(HttpRequestBuilderImpl.java:126) ~[java.net.http:?]
    at jdk.internal.net.http.HttpRequestBuilderImpl.header(HttpRequestBuilderImpl.java:43) ~[java.net.http:?]
    at kong.unirest.core.java.JavaClient.lambda$setHeaders$1(JavaClient.java:105) ~[miner-shaded.jar:?]
    at java.util.ArrayList.forEach(ArrayList.java:1511) ~[?:?]
    at kong.unirest.core.java.JavaClient.setHeaders(JavaClient.java:105) ~[miner-shaded.jar:?]
    at kong.unirest.core.java.JavaClient.getRequest(JavaClient.java:92) ~[miner-shaded.jar:?]
    ... 24 more

Looking a bit how cookies are added I managed to get to unirest-java-core-4.0.0-RC4-sources.jar!/kong/unirest/core/Cookie.java:146 where header is added with expires.format(DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss zzz")) where EEE and MMM are locale dependant.

I don't really know how the RFC 7230 works but shouldn't these values be forced to be in an English locale? (and therefor use something like expires.format(DateTimeFormatter.ofPattern("EEE, dd-MMM-yyyy HH:mm:ss zzz", Locale.forLanguageTag("en")))

To Reproduce Steps to reproduce the behavior:

  1. Set locale to Chinese (or I guess any locale that may have special characters in date format)
  2. Add a cookie to the request with an expiry date
  3. Run request

Expected behavior Cookie to be added properly to the headers of the request

Environmental Data:

ryber commented 1 year ago

headers cannot contain character outside of lower ASCII, so Chinese is not possible, its just not a valid header at all. The date MUST be expressed with just ASCII.

Rakambda commented 1 year ago

Yes, but when providing cookies to unirest, a date object is given, not a string. It is unirest itself that transforms the cookie into an invalid header due to the date formater being locale dependant.

If I understand correctly, your solution to fix this would be for me forget about using the cookies feature and manually add them as headers ; which isn't really that convinient.

ryber commented 1 year ago

Ah I see what you are saying, I'll get in a fix this weekend

ryber commented 1 year ago

This is complete in v3.13.13 / v4.0.0-RC5