Closed: pat closed this 1 year ago
@pat I'm wondering if Rack should handle this situation:
::Rack::Utils.parse_query(string, COOKIE_SEPARATOR)
@jodosha to be honest, I'm really not sure where the best place to handle it is - should it be Rack? or Puma? Or reported to Apple's Safari team? Or instead, should cookies be URL-encoded to ensure it's not a problem in the first place?
Maybe it's best to just close this issue? I'm going to talk to the third party that's generating the cookies, and perhaps anyone who finds the same problem crop up will come across this post and potentially be aided by my middleware. 🤷🏻‍♂️
@pat Thank you.
I've hit a bit of an edge-case: we're integrating with a third party that adds their own cookies to our site, and those cookies can contain user data. If that user-entered data includes non-ASCII characters (e.g. "brûlée"), then when that cookie data is passed along, some browsers mangle the accented characters. Safari is definitely screwing this up, but Chrome is fine.
When it comes to parsing the values on the server, Rack has a string in env["HTTP_COOKIE"] that includes "br\xFBl\xE9e", yet says its encoding is ASCII (but should be ISO-8859-1).
The issue as it relates to hanami-controller? Cookie keys are converted to symbols, and because the encoding is incorrect, I get an exception when the response is being put together. (I'm not using these cookies myself, otherwise I suspect the error would crop up sooner).
EncodingError: invalid symbol in encoding UTF-8
My workaround has been to fix env["COOKIE_DATA"] to be UTF-8 via a middleware app (see below), and then everything's fine, but perhaps hanami-controller should handle these situations more gracefully, and not raise an exception? 🤔 I realise it's not hanami-controller's fault that the cookie data is bad, mind you, but I suspect a fix here is easier than a fix in Safari. 😅
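
An added example, not the middleware pat refers to (which is not reproduced on this page) and not code from Hanami or Rack: a plain-Ruby, Rack-style middleware that relabels or transcodes `env["HTTP_COOKIE"]` to UTF-8 before downstream code symbolises cookie names. The class name, the ISO-8859-1 fallback, the echo app and the sample header are assumptions constructed for illustration.

```ruby
# Added example: Rack-style middleware (plain Ruby, no gems) that repairs the
# encoding of the Cookie header before any downstream code symbolises it.
class CookieEncodingNormalizer
  COOKIE_KEY = "HTTP_COOKIE"

  # Assumption: bytes that are not valid UTF-8 are ISO-8859-1, as in the report.
  def initialize(app, fallback: Encoding::ISO_8859_1)
    @app = app
    @fallback = fallback
  end

  def call(env)
    raw = env[COOKIE_KEY]
    env[COOKIE_KEY] = self.class.normalize(raw, @fallback) if raw
    @app.call(env)
  end

  def self.normalize(raw, fallback = Encoding::ISO_8859_1)
    utf8 = raw.dup.force_encoding(Encoding::UTF_8)
    return utf8 if utf8.valid_encoding? # already UTF-8 (or pure ASCII): relabel only
    # Otherwise reinterpret the bytes as the fallback charset and transcode.
    raw.dup.force_encoding(fallback)
       .encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
  end
end

# Hypothetical downstream app: symbolises cookie names, as the report describes.
COOKIE_ECHO_APP = lambda do |env|
  pairs = env["HTTP_COOKIE"].split(/;\s*/).map { |kv| kv.split("=", 2) }
  cookies = pairs.to_h { |name, value| [name.to_sym, value] }
  [200, { "content-type" => "text/plain" }, [cookies.inspect]]
end

# Constructed input: Latin-1 bytes labelled US-ASCII, like the header in the report.
def sample_env
  { "HTTP_COOKIE" => "id=42; dessert=br\xFBl\xE9e".b.force_encoding(Encoding::US_ASCII) }
end

def run_sample
  env = sample_env
  status, = CookieEncodingNormalizer.new(COOKIE_ECHO_APP).call(env)
  [status, env["HTTP_COOKIE"]]
end
```

Every byte sequence decodes as ISO-8859-1, so the fallback never raises, but it will silently mis-decode a header that was actually sent in some other legacy charset; logging when the fallback path is taken makes that visible.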