[Bug]: Error when parsing cookies and multiple cookies in the same Set-Cookie header are ignored - Githubissues

openbullet / OpenBullet2

OpenBullet reinvented

https://docs.openbullet.dev/

MIT License

1.8k stars 479 forks source link

[Bug]: Error when parsing cookies and multiple cookies in the same Set-Cookie header are ignored #1090

Closed openbullet closed 2 months ago

openbullet commented 3 months ago

Add checks before this line in HttpResponseBuilder to prevent having negative length

cookieValue = cookie.Substring(separatorPos + 1, endCookiePos - separatorPos - 1);

Handle cookies like

Set-Cookie: cookie-name-1=cookie-value-1; Path=/; Domain=.example.com; Secure, cookie-name-2=cookie-value-2; Path=/; Domain=.example.com; Secure

Write tests and make sure to handle edge cases:

empty cookies between commas
invalid cookies like undefined in the following case: Path=/; Domain=.example.com; Secure, undefined, Path=/; Domain=.example.com; Secure
what happens if the cookie values have the following characters: ;, =, ,? Answer: the spec disallows them

Original Spec: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie Helpful SO answer with relevant context and RFCs: https://stackoverflow.com/a/2880070