net.http: add support '=' in cookie values (fix #23220) (#23257)

2025-08-04 02:07:28 -04:00 · 2024-12-27 16:33:16 +08:00 · 2024-12-27 16:33:16 +08:00 · 4a1c7add24
commit 4a1c7add24
parent a915404888
2 changed files with 41 additions and 10 deletions
--- a/vlib/net/http/cookie.v
+++ b/vlib/net/http/cookie.v
@ -312,12 +312,9 @@ fn parse_cookie(line string) !Cookie {
 		return error('malformed cookie')
 	}
 	parts[0] = parts[0].trim_space()
-	keyval := parts[0].split('=')
+	index := parts[0].index('=') or { return error('malformed cookie') }
-	if keyval.len != 2 {
+	name := parts[0][..index]
-		return error('malformed cookie')
+	raw_value := parts[0][index + 1..]
 	}
 	name := keyval[0]
 	raw_value := keyval[1]
 	if !is_cookie_name_valid(name) {
 		return error('malformed cookie')
 	}
@ -334,10 +331,9 @@ fn parse_cookie(line string) !Cookie {
 		}
 		mut attr := parts[i]
 		mut raw_val := ''
-		if attr.contains('=') {
+		if ind := parts[i].index('=') {
-			pieces := attr.split('=')
+			attr = parts[i][..ind]
-			attr = pieces[0]
+			raw_val = parts[i][ind + 1..]
 			raw_val = pieces[1]
 		}
 		lower_attr := attr.to_lower()
 		val := parse_cookie_value(raw_val, false) or {
--- a/vlib/net/http/response_test.v
+++ b/vlib/net/http/response_test.v
@ -44,3 +44,38 @@ fn test_parse_response() {
 	assert x.header.get(.content_length)! == '3'
 	assert x.body == 'Foo'
 }
 fn test_parse_response_with_cookies() {
 	cookie_id := 'v_is_best'
 	content := 'HTTP/1.1 200 OK\r\nSet-Cookie: id=${cookie_id}\r\nContent-Length: 3\r\n\r\nFoo'
 	mut x := parse_response(content)!
 	assert x.http_version == '1.1'
 	assert x.status_code == 200
 	assert x.status_msg == 'OK'
 	assert x.header.contains(.content_length)
 	assert x.header.get(.content_length)! == '3'
 	assert x.body == 'Foo'
 	response_cookie := x.cookies()
 	assert response_cookie[0].str() == 'id=${cookie_id}'
 	// cookie has Base64 encoding info, ending with '=='
 	cookie_base64 := 'Ln0kBnAaAyYFQ8lH7d5J8Y5w1/iyDRpj6d0nBLTbBUMbtEyPD32rPvpApsvxhLJWlkHuHT3KYL0g/xNBxC9od5tMFAgurLxKdRd5lZ6Pd7W+SllkbsXmUA=='
 	content_cookie_base64 := 'HTTP/1.1 200 OK\r\nSet-Cookie: enctoken=${cookie_base64}; path=/; secure; SameSite=None\r\nContent-Length: 3\r\n\r\nFoo'
 	x = parse_response(content_cookie_base64)!
 	assert x.http_version == '1.1'
 	assert x.status_code == 200
 	assert x.status_msg == 'OK'
 	assert x.header.contains(.content_length)
 	assert x.header.get(.content_length)! == '3'
 	assert x.body == 'Foo'
 	response_cookie_base64 := x.cookies()
 	assert response_cookie_base64[0].str().split(';')[0] == 'enctoken=${cookie_base64}'
 }
 fn test_parse_response_with_weird_cookie() {
 	// weird cookies test
 	content_weird := 'HTTP/1.1 200 OK\r\nSet-Cookie: a=b; ; =; aa=; =bb; cc; ==\r\nContent-Length: 3\r\n\r\nFoo'
 	mut xx := parse_response(content_weird)!
 	weird_cookie := xx.cookies()
 	assert weird_cookie[0].str() == 'a=b'
 }