search

ZitchCode / SecureHttpClient

Cross-platform HttpClientHandler with TLS1.2 and Certificate Pinning
MIT License
33 stars 6 forks source link

Android Set-Cookie header problem #7

Closed hlogmans closed 6 years ago

hlogmans commented 6 years ago

https://github.com/tranb3r/secure-httpclient/blob/97018084caf9e4415dddf688fb2b5e1a7c91e947/SecureHttpClient/Platforms/Android/SecureHttpClientHandler.cs#L212-L217

These lines fail for the Set-Cookie headers. Set-Cookie is the only header that may appear multiple times. When multiple Set-Cookie headers are present, they all get the same content instead of the different cookies.

I suggest the code:

                foreach (var k in resp.Headers().ToMultimap())
                {
                    // special handling for Set-Cookie because folding them into one header is strongly discouraged.
                    // but adding them just folds them again so this is no option at the moment
                    ret.Headers.TryAddWithoutValidation(k.Key, k.Value);
                    ret.Content.Headers.TryAddWithoutValidation(k.Key, k.Value);
                }

BTW: What is the use of line 216? Should that be a subselection of the headers?

tranb3r commented 6 years ago

Good catch. Fix done on master. About line 216 : I agree it should be a subselection, but which ones ? It's probably not a big deal to add more headers than necessary...