Closed weijie0 closed 3 years ago
对于name以$开头的cookie会报错,这个和tomcat稍有区别 原因如下:
在servlet里,cookie的规范如下 if (!isToken(name) || name.equalsIgnoreCase("Comment") || // rfc2019 name.equalsIgnoreCase("Discard") || // 2019++ name.equalsIgnoreCase("Domain") || name.equalsIgnoreCase("Expires") || // (old cookies) name.equalsIgnoreCase("Max-Age") || // rfc2019 name.equalsIgnoreCase("Path") || name.equalsIgnoreCase("Secure") || name.equalsIgnoreCase("Version") || name.startsWith("$")) { 但是在tomcat里,cookie的实现并没有按照servlet的逻辑去做,而是自己实现的,仅仅做了长度验证,如下: public Cookie(String name, String value) { validation.validate(name); this.name = name; this.value = value; } class CookieNameValidator { private static final String LSTRING_FILE = "javax.servlet.http.LocalStrings"; protected static final ResourceBundle lStrings = ResourceBundle.getBundle("javax.servlet.http.LocalStrings"); protected final BitSet allowed = new BitSet(128);
protected CookieNameValidator(String separators) { this.allowed.set(32, 127); for(int i = 0; i < separators.length(); ++i) { char ch = separators.charAt(i); this.allowed.clear(ch); } } void validate(String name) { if (name != null && name.length() != 0) { if (!this.isToken(name)) { String errMsg = lStrings.getString("err.cookie_name_is_token"); throw new IllegalArgumentException(MessageFormat.format(errMsg, name)); } } else { throw new IllegalArgumentException(lStrings.getString("err.cookie_name_blank")); } } private boolean isToken(String possibleToken) { int len = possibleToken.length(); for(int i = 0; i < len; ++i) { char c = possibleToken.charAt(i); if (!this.allowed.get(c)) { return false; } } return true; }
}
这块没注意, 你要是知道怎么改,或者愿意的话, 可以提pull request改下。 我给合并上去。 我晚会我看下咋改。
已解决, 把tomcat的Cookie拿来覆盖了. https://github.com/wangzihaogithub/spring-boot-protocol/commit/cc7aaf83f260e5ffcac9806959f7fc5529a85188
哈哈,如此优秀
对于name以$开头的cookie会报错,这个和tomcat稍有区别 原因如下:
在servlet里,cookie的规范如下 if (!isToken(name) || name.equalsIgnoreCase("Comment") || // rfc2019 name.equalsIgnoreCase("Discard") || // 2019++ name.equalsIgnoreCase("Domain") || name.equalsIgnoreCase("Expires") || // (old cookies) name.equalsIgnoreCase("Max-Age") || // rfc2019 name.equalsIgnoreCase("Path") || name.equalsIgnoreCase("Secure") || name.equalsIgnoreCase("Version") || name.startsWith("$")) { 但是在tomcat里,cookie的实现并没有按照servlet的逻辑去做,而是自己实现的,仅仅做了长度验证,如下: public Cookie(String name, String value) { validation.validate(name); this.name = name; this.value = value; } class CookieNameValidator { private static final String LSTRING_FILE = "javax.servlet.http.LocalStrings"; protected static final ResourceBundle lStrings = ResourceBundle.getBundle("javax.servlet.http.LocalStrings"); protected final BitSet allowed = new BitSet(128);
}