net.http: add support '=' in cookie values (fix #23220) (#23257)

2025-08-04 02:07:28 -04:00 · 2024-12-27 16:33:16 +08:00 · 2024-12-27 16:33:16 +08:00 · 4a1c7add24
commit 4a1c7add24
parent a915404888
2 changed files with 41 additions and 10 deletions
--- a/vlib/net/http/cookie.v
+++ b/vlib/net/http/cookie.v
@ -312,12 +312,9 @@ fn parse_cookie(line string) !Cookie {
 		return error('malformed cookie')
 	}
 	parts[0] = parts[0].trim_space()
-	keyval := parts[0].split('=')
-	if keyval.len != 2 {
-		return error('malformed cookie')
-	}
-	name := keyval[0]
-	raw_value := keyval[1]
+	index := parts[0].index('=') or { return error('malformed cookie') }
+	name := parts[0][..index]
+	raw_value := parts[0][index + 1..]
 	if !is_cookie_name_valid(name) {
 		return error('malformed cookie')
 	}
@ -334,10 +331,9 @@ fn parse_cookie(line string) !Cookie {
 		}
 		mut attr := parts[i]
 		mut raw_val := ''
-		if attr.contains('=') {
-			pieces := attr.split('=')
-			attr = pieces[0]
-			raw_val = pieces[1]
+		if ind := parts[i].index('=') {
+			attr = parts[i][..ind]
+			raw_val = parts[i][ind + 1..]
 		}
 		lower_attr := attr.to_lower()
 		val := parse_cookie_value(raw_val, false) or {
--- a/vlib/net/http/response_test.v
+++ b/vlib/net/http/response_test.v
@ -44,3 +44,38 @@ fn test_parse_response() {
 	assert x.header.get(.content_length)! == '3'
 	assert x.body == 'Foo'
 }
+
+fn test_parse_response_with_cookies() {
+	cookie_id := 'v_is_best'
+	content := 'HTTP/1.1 200 OK\r\nSet-Cookie: id=${cookie_id}\r\nContent-Length: 3\r\n\r\nFoo'
+	mut x := parse_response(content)!
+	assert x.http_version == '1.1'
+	assert x.status_code == 200
+	assert x.status_msg == 'OK'
+	assert x.header.contains(.content_length)
+	assert x.header.get(.content_length)! == '3'
+	assert x.body == 'Foo'
+	response_cookie := x.cookies()
+	assert response_cookie[0].str() == 'id=${cookie_id}'
+
+	// cookie has Base64 encoding info, ending with '=='
+	cookie_base64 := 'Ln0kBnAaAyYFQ8lH7d5J8Y5w1/iyDRpj6d0nBLTbBUMbtEyPD32rPvpApsvxhLJWlkHuHT3KYL0g/xNBxC9od5tMFAgurLxKdRd5lZ6Pd7W+SllkbsXmUA=='
+	content_cookie_base64 := 'HTTP/1.1 200 OK\r\nSet-Cookie: enctoken=${cookie_base64}; path=/; secure; SameSite=None\r\nContent-Length: 3\r\n\r\nFoo'
+	x = parse_response(content_cookie_base64)!
+	assert x.http_version == '1.1'
+	assert x.status_code == 200
+	assert x.status_msg == 'OK'
+	assert x.header.contains(.content_length)
+	assert x.header.get(.content_length)! == '3'
+	assert x.body == 'Foo'
+	response_cookie_base64 := x.cookies()
+	assert response_cookie_base64[0].str().split(';')[0] == 'enctoken=${cookie_base64}'
+}
+
+fn test_parse_response_with_weird_cookie() {
+	// weird cookies test
+	content_weird := 'HTTP/1.1 200 OK\r\nSet-Cookie: a=b; ; =; aa=; =bb; cc; ==\r\nContent-Length: 3\r\n\r\nFoo'
+	mut xx := parse_response(content_weird)!
+	weird_cookie := xx.cookies()
+	assert weird_cookie[0].str() == 'a=b'
+}