Open eliasp opened 1 year ago
For anyone affected by this: as a workaround, try using the backend=
parameter for http.query
with either backend=requests
or backend=urllib2
.
I believe I've identified the issue with the Max-Age cookie.
When utilizing the cookie
variable to generate the cookiejar
object, several attributes such as httponly
and samesite
were already removed, but max-age
was not.
I'm new to this project and would like to contribute, but first I need to read the contributing criteria and add a proper test and changelog, among other things.
@eth7 your fix is incorrect. The Cookie
object is supposed to have an expiry. The problem, as previously mentioned, is that the code is a re-implementation of what the standard library already provides, using private APIs that can (and have) changed without notice.
@OrangeDog
Unfortunately the implementation from CookieJar.make_cookies
(Cookiejar docs) is used to extract cookies from an urllib2
response/request, which we cannot use in that case, since the tornado
HTTP client is used. Therefore, the function parse_cookie_header
was written to construct the object from a given header
.
You are right though about the expiry date, I added functionality to calculate the expiry
based on the max-age
.
See the following branch.
That's not going to work on different Python versions where the implementation of Cookie
is different.
It needs to adapt the tornado request/response to the urlib api, or otherwise use a public method for constructing the right cookie objects.
Description When a query done by
salt.utils.query
receives a cookie, which containsMax-Age=....
, it breaks:TypeError: Cookie.__init__() got an unexpected keyword argument 'max-age'
Setup We upgraded a very ancient Salt environment from 3002.x to 3005.1 when we started seeing this breakage. I could also reproduce it successfully using 3006-rc2 and current master. Salt itself doesn't need any specific setup/configuration, a masterless
salt-call http.query
is all that's needed, but since emulating an HTTP endpoint which provides the required response is a little bit tricky, using Salt's test suite instead with the following change reproduces this issue as well:Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior
python -m nox -e "pytest-3.10(coverage=False)" -- tests/unit/utils/test_http.py
Result:
alternatively:
salt-call --local http.query
withcookies=True
against an endpoint, which replies with a cookie with aMax-Age=...
value.Result:
Expected behavior The response to a
http.query
request is handled without a Traceback.Versions Report
salt --versions-report
```yaml Salt Version: Salt: 3006.0rc2+101.g85a8358975 Python Version: Python: 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] Dependency Versions: cffi: Not Installed cherrypy: Not Installed dateutil: Not Installed docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.2 libgit2: Not Installed looseversion: 1.1.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.4 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 21.3 pycparser: Not Installed pycrypto: Not Installed pycryptodome: 3.17 pygit2: Not Installed python-gnupg: Not Installed PyYAML: 6.0 PyZMQ: 25.0.0 relenv: Not Installed smmap: Not Installed timelib: Not Installed Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: ubuntu 22.04.2 jammy locale: utf-8 machine: x86_64 release: 5.15.0-58-generic system: Linux version: Ubuntu 22.04.2 jammy ```Additional context According to @OrangeDog on Slack, this is a result of Salt using
http.cookiejar.Cookie()
even though the docs explicitly say not to do that and to useCookieJar.make_cookies()
instead.