aio-libs / aiohttp

Asynchronous HTTP client/server framework for asyncio and Python
https://docs.aiohttp.org
Other
15.1k stars 2.02k forks source link

Wrong cookies format when sending request #2571

Closed neramusis closed 3 years ago

neramusis commented 6 years ago

While sending cookie with special symbols or spaces, aiohttp adds unnecessary quotes around cookie value.

This only occurs when cookies are added to session manually. ClientSession(cookies={..}) or when updating existing session.

This creates problem for server side to read cookies correctly.

asvetlov commented 6 years ago

Technically the format is not wrong -- it is 100% RFC compliant. Your servers are not 100% compliant. The client behavior could be fixed anyway, PR is welcome.

See also #2544 / #2545 discussion

JonasKs commented 4 years ago

Also having this issue. The cookie I have to send to the backend service may look something like this:

asdf+somestring/anotherstring=

Tested that it worked in both requests and httpx, so took a while to figure out why.

EDIT: Hmm, maybe not. I tried the echo service: EDIT2: No, this is the exact behaviour I see.

httpx and requests cookies look like this when printing request.headers in a Django middleware:

# httpx
{... 'Cookie': 'My-Cookie=asdf+somestring/anotherstring='}

while aiohttp looks like this:

# aiohttp
{... 'Cookie': 'My-Cookie="asdf+somestring/anotherstring="'}
JonasKs commented 4 years ago

@asvetlov , I was gonna try to raise a PR, but being the first time using aiohttp today - the library is a bit massive, and I'm not able to figure out where the qoutes are actually injected. It seems that BaseCookie is how, but even if I overwrite the current SimpleCookie and it's value_decode/value_encode methods, it makes no difference when it comes to whether or not the cookie is quoted or not.

Any tips on how to solve this?

webknjaz commented 4 years ago

@JonasKs try checking https://github.com/aio-libs/aiohttp/blob/master/aiohttp/cookiejar.py

JonasKs commented 4 years ago

@webknjaz I was looking there, and the message above is for this line of code, where the Morsel of SimpleCookie is created, which inherits from BaseCookie. It’s to my knowledge in BaseCookie the convention is done, but I wasn’t able to find exactly where, or atleast how to properly change the flow.

webknjaz commented 4 years ago

Have you tried sticking a debugger there? To be it looks like a rendering issue. As if something does the interpolation using repr(). Like f'{name}: {key}={value!r}'. FWIW try looking into how it gets into the headers.

JonasKs commented 4 years ago

It only happens when special characters (such as white space or slash) is in the string. I’ll have another look when I get back from vacation. Thanks!

JonasKs commented 4 years ago

Submitted a PR.

derlih commented 3 years ago

Looks like it is closed by #4881