Bug #4964

open-uri failed to handle multiple "Set-Cookie" headers

Added by ren li almost 3 years ago. Updated about 1 year ago.

[ruby-core:37734]
Status:Closed
Priority:Normal
Assignee:Akira Tanaka
Category:lib
Target version:next minor
ruby -v:ruby 1.9.2p174 (2011-01-28 revision 30696) [i686-linux] Backport:

Description

=begin
== Problem
open-uri handle multiple "Set-Cookie" headers in a wrong way. Given a header from http server like:

   Set-Cookie: name1=value1; blabla
   Set-Cookie: name2=value2; blabla

open-uri will pack it into meta info of result like:

   Set-Cookie: name1=value; blabla, name2=value2; blabla

The problem is that line 332 of open-uri.rb
resp.each {|name,value| buf.io.metaaddfield name, value }

In turn will call invoke code in net/http.rb to join headers with ",".

== ruby -v:
ruby 1.9.2p174 (2011-01-28 revision 30696) [i686-linux]

== code:
require 'open-uri'
begin
open "http://douban.fm", :redirect => false
rescue OpenURI::HTTPRedirect => redirect
redirect.io.meta['set-cookie']
end

=end

Associated revisions

Revision 40207
Added by Akira Tanaka about 1 year ago

  • lib/open-uri.rb: Support multiple fields with same field name (like Set-Cookie). (OpenURI::Meta#metas): New accessor to obtain fields as a Hash from field name (string) to field values (array of strings). [Bug #4964] reported by ren li.

History

#1 Updated by Yui NARUSE almost 3 years ago

  • Category set to lib
  • Status changed from Open to Assigned
  • Assignee set to Akira Tanaka
  • Target version set to 1.9.3

#2 Updated by Hiroshi Nakamura over 2 years ago

As the original reporter said. Akr, we should use resp.to_hash instead of resp.each to avoid HTTP header concatenation.

It would introduce meta values incompatibility (String -> Array of String) so I propose to change the target version to '1.9.4'.

#3 Updated by Akira Tanaka over 2 years ago

  • Target version changed from 1.9.3 to 2.0.0

I think we can fix the problem without incompatibility.
(new method to return array of field bodies for a field name.)

It needs new feature, though.

#4 Updated by Zachary Scott about 1 year ago

This seems like feature, should move it to next minor or major?

#5 Updated by Yui NARUSE about 1 year ago

  • Target version changed from 2.0.0 to next minor

#6 Updated by Akira Tanaka about 1 year ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r40207.
ren, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • lib/open-uri.rb: Support multiple fields with same field name (like Set-Cookie). (OpenURI::Meta#metas): New accessor to obtain fields as a Hash from field name (string) to field values (array of strings). [Bug #4964] reported by ren li.

Also available in: Atom PDF