classification
Title: http.cookies._CookiePattern modifying regular expressions
Type: enhancement Stage: patch review
Components: Extension Modules Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: MeiK, martin.panter, xtreak
Priority: normal Keywords: patch

Created on 2019-01-25 03:08 by MeiK, last changed 2019-01-26 13:43 by xtreak.

Pull Requests
URL Status Linked Edit
PR 11665 open xtreak, 2019-01-26 13:43
Messages (4)
msg334338 - (view) Author: MeiK (MeiK) * Date: 2019-01-25 03:11
http.cookies.BaseCookie[1] can't parse Expires in this format like Expires=Thu,31 Jan 2019 05:56:00 GMT;(Less space after Thu,).

I encountered this problem in actual use, Chrome, IE and Firefox can parse this string normally. Many languages, such as JavaScript, can also parse this data automatically.

I built a test site using Flask: https://paste.ubuntu.com/p/K7Z4K4KH7Z/, Use curl and requests to get cookies correctly, but not with aiohttp (because it uses http.cookies.BaseCookie).

Looking at MDN[2] and rfc[3](Thanks tirkarthi), this doesn't seem to be a canonical behavior, But some Java WEB frameworks will produce this behavior (such as the one that caused me to find the problem).

This problem can be solved by modifying a regular expression[4], but I don't know if it should be compatible with this non-standard way of writing.

English is not my native language; please excuse typing errors.


[1] https://github.com/python/cpython/blob/master/Lib/http/cookies.py#L457
[2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives
[3] https://tools.ietf.org/html/rfc6265#section-4.1.1
[4] https://github.com/python/cpython/blob/master/Lib/http/cookies.py#L444
msg334339 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python triager) Date: 2019-01-25 03:29
Thanks for the MDN cookie directive link. I didn't know it links to Date link in the GitHub PR. I don't see space optional in the sane-date format specified for expires attribute. I could be reading the grammar wrong. I will wait for others thoughts on this.
msg334392 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2019-01-26 13:03
I presume MeiK wants to use BaseCookie to parse the Set-Cookie header field, as in

>>> BaseCookie('Hello=World; Expires=Thu, 31 Jan 2019 05:56:00 GMT;')
<BaseCookie: Hello='World'>
>>> BaseCookie('Hello=World; Expires=Thu,31 Jan 2019 05:56:00 GMT;')
<BaseCookie: >

Karthikeyan, if you meant the “sane-cookie-date” format (https://tools.ietf.org/html/rfc6265#page-9), that is just the IETF’s recommended date format. I suspect MeiK is trying to _parse_ the date rather than generate it, in which case the procedure in <https://tools.ietf.org/html/rfc6265#section-5.1.1> may be more relevant. Spaces and commas are both treated as delimiters, so the problematic Expires attribute should parse fine.

BTW, this special handling of Set-Cookie attributes like Expires is not documented, though it does seem intentional. According to the documentation they should be treated as new Morsels.
msg334393 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python triager) Date: 2019-01-26 13:43
Yes, sorry I thought it was the format used for parsing too. Thanks for the example Martin. I am linking @MeiK PR to the issue where I asked them to open an issue for this.
History
Date User Action Args
2019-01-26 13:43:36xtreaksetkeywords: + patch

stage: patch review
messages: + msg334393
pull_requests: + pull_request11517
2019-01-26 13:03:14martin.pantersetnosy: + martin.panter
messages: + msg334392
2019-01-25 03:29:47xtreaksetnosy: + xtreak

messages: + msg334339
versions: + Python 3.8
2019-01-25 03:11:05MeiKsetmessages: + msg334338
2019-01-25 03:08:24MeiKcreate