Bug #4964


open-uri failed to handle multiple "Set-Cookie" headers

Added by tdsparrow (ren li) almost 11 years ago. Updated about 9 years ago.

Target version:
ruby -v:
ruby 1.9.2p174 (2011-01-28 revision 30696) [i686-linux]


== Problem
open-uri handle multiple "Set-Cookie" headers in a wrong way. Given a header from http server like:

   Set-Cookie: name1=value1; blabla
   Set-Cookie: name2=value2; blabla

open-uri will pack it into meta info of result like:

   Set-Cookie: name1=value; blabla, name2=value2; blabla

The problem is that line 332 of open-uri.rb
resp.each {|name,value| name, value }

In turn will call invoke code in net/http.rb to join headers with ",".

== ruby -v:
ruby 1.9.2p174 (2011-01-28 revision 30696) [i686-linux]

== code:
require 'open-uri'
open "", :redirect => false
rescue OpenURI::HTTPRedirect => redirect['set-cookie']


Updated by naruse (Yui NARUSE) almost 11 years ago

  • Category set to lib
  • Status changed from Open to Assigned
  • Assignee set to akr (Akira Tanaka)
  • Target version set to 1.9.3

Updated by nahi (Hiroshi Nakamura) almost 11 years ago

As the original reporter said. Akr, we should use resp.to_hash instead of resp.each to avoid HTTP header concatenation.

It would introduce meta values incompatibility (String -> Array of String) so I propose to change the target version to '1.9.4'.

Updated by akr (Akira Tanaka) almost 11 years ago

  • Target version changed from 1.9.3 to 2.0.0

I think we can fix the problem without incompatibility.
(new method to return array of field bodies for a field name.)

It needs new feature, though.

Updated by zzak (Zachary Scott) over 9 years ago

This seems like feature, should move it to next minor or major?

Updated by naruse (Yui NARUSE) over 9 years ago

  • Target version changed from 2.0.0 to 2.6
Actions #6

Updated by akr (Akira Tanaka) about 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r40207.
ren, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

  • lib/open-uri.rb: Support multiple fields with same field
    name (like Set-Cookie).
    (OpenURI::Meta#metas): New accessor to obtain fields as a Hash from
    field name (string) to field values (array of strings).
    [ruby-core:37734] [Bug #4964] reported by ren li.

Also available in: Atom PDF