Bug #4964
closedopen-uri failed to handle multiple "Set-Cookie" headers
Description
=begin
== Problem
open-uri handle multiple "Set-Cookie" headers in a wrong way. Given a header from http server like:
Set-Cookie: name1=value1; blabla
Set-Cookie: name2=value2; blabla
open-uri will pack it into meta info of result like:
Set-Cookie: name1=value; blabla, name2=value2; blabla
The problem is that line 332 of open-uri.rb
resp.each {|name,value| buf.io.meta_add_field name, value }
In turn will call invoke code in net/http.rb to join headers with ",".
== ruby -v:
ruby 1.9.2p174 (2011-01-28 revision 30696) [i686-linux]
== code:
require 'open-uri'
begin
open "http://douban.fm", :redirect => false
rescue OpenURI::HTTPRedirect => redirect
redirect.io.meta['set-cookie']
end
=end
Updated by naruse (Yui NARUSE) over 13 years ago
- Category set to lib
- Status changed from Open to Assigned
- Assignee set to akr (Akira Tanaka)
- Target version set to 1.9.3
See also http://tools.ietf.org/html/rfc6265
Updated by nahi (Hiroshi Nakamura) over 13 years ago
As the original reporter said. Akr, we should use resp.to_hash instead of resp.each to avoid HTTP header concatenation.
It would introduce meta values incompatibility (String -> Array of String) so I propose to change the target version to '1.9.4'.
Updated by akr (Akira Tanaka) over 13 years ago
- Target version changed from 1.9.3 to 2.0.0
I think we can fix the problem without incompatibility.
(new method to return array of field bodies for a field name.)
It needs new feature, though.
Updated by zzak (zzak _) almost 12 years ago
This seems like feature, should move it to next minor or major?
Updated by naruse (Yui NARUSE) almost 12 years ago
- Target version changed from 2.0.0 to 2.6
Updated by akr (Akira Tanaka) over 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r40207.
ren, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- lib/open-uri.rb: Support multiple fields with same field
name (like Set-Cookie).
(OpenURI::Meta#metas): New accessor to obtain fields as a Hash from
field name (string) to field values (array of strings).
[ruby-core:37734] [Bug #4964] reported by ren li.