Issue44104
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2021-05-10 18:31 by ra1nb0w, last changed 2022-04-11 14:59 by admin. This issue is now closed.
Messages (4) | |||
---|---|---|---|
msg393426 - (view) | Author: ra1nb0w (ra1nb0w) | Date: 2021-05-10 18:30 | |
The issue arises when there are multiple web applications using the same hostname and a "bad" cookie is stored; the first one (ex. tvheadend) sets a cookie like 'ys-api/mpegts/service=blabla' and the second is a python one that crash with the following: May 10 18:56:37 hos openwebrx[4575]: Exception happened during processing of request from ('192.168.178.203', 56994) May 10 18:56:37 hos openwebrx[4575]: Traceback (most recent call last): May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/socketserver.py", line 650, in process_request_thread May 10 18:56:37 hos openwebrx[4575]: self.finish_request(request, client_address) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/socketserver.py", line 360, in finish_request May 10 18:56:37 hos openwebrx[4575]: self.RequestHandlerClass(request, client_address, self) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3/dist-packages/owrx/http.py", line 40, in __init__ May 10 18:56:37 hos openwebrx[4575]: super().__init__(request, client_address, server) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/socketserver.py", line 720, in __init__ May 10 18:56:37 hos openwebrx[4575]: self.handle() May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/server.py", line 426, in handle May 10 18:56:37 hos openwebrx[4575]: self.handle_one_request() May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/server.py", line 414, in handle_one_request May 10 18:56:37 hos openwebrx[4575]: method() May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3/dist-packages/owrx/http.py", line 46, in do_GET May 10 18:56:37 hos openwebrx[4575]: self.router.route(self, self._build_request("GET")) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3/dist-packages/owrx/http.py", line 55, in _build_request May 10 18:56:37 hos openwebrx[4575]: return Request(self.path, method, self.headers) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3/dist-packages/owrx/http.py", line 68, in __init__ May 10 18:56:37 hos openwebrx[4575]: self.cookies.load(headers["Cookie"]) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/cookies.py", line 529, in load May 10 18:56:37 hos openwebrx[4575]: self.__parse_string(rawdata) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/cookies.py", line 593, in __parse_string May 10 18:56:37 hos openwebrx[4575]: self.__set(key, rval, cval) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/cookies.py", line 485, in __set May 10 18:56:37 hos openwebrx[4575]: M.set(key, real_value, coded_value) May 10 18:56:37 hos openwebrx[4575]: File "/usr/lib/python3.7/http/cookies.py", line 352, in set May 10 18:56:37 hos openwebrx[4575]: raise CookieError('Illegal key %r' % (key,)) May 10 18:56:37 hos openwebrx[4575]: http.cookies.CookieError: Illegal key 'ys-api/mpegts/service' Is there a way to avoid this (just a warning) or the only solution is to filter the load(headers["Cookie"]) input? thank you |
|||
msg393539 - (view) | Author: Jonathan Schweder (jaswdr) * | Date: 2021-05-12 17:57 | |
Simple example to reproduce the issue: from http import cookies C = cookies.SimpleCookie() C["ys-api/mpegts/service"] = "blabla" print(C.output()) @ra1nb0w so far as I have found [1][2], the "/" not a valid character for the Cookie name, [3] defines the list of valid characters and [4] is where the exception is raised, I also found that even with the RFC browsers have different rules for the Cookie name definitions, this could be reason why Python has, for example, the ":" character in the list. My conclusion is that the rule for the cookie name is not well-defined, there are some ambiguities here and there, but if we consider purely this case and the RFC, the "/" still is not a valid character for the cookie name, so I guess the best option for you is to filter it out any http.cookies.CookieError that happen. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes [2] https://datatracker.ietf.org/doc/html/rfc2616#section-2.2 [3] https://github.com/python/cpython/blob/main/Lib/http/cookies.py#L162 [4] https://github.com/python/cpython/blob/main/Lib/http/cookies.py#L353 |
|||
msg393555 - (view) | Author: ra1nb0w (ra1nb0w) | Date: 2021-05-13 05:32 | |
Thank you very much jaswdr for the clarification. Now I close this issue. |
|||
msg393585 - (view) | Author: ra1nb0w (ra1nb0w) | Date: 2021-05-13 15:13 | |
Just another question: jaswdr, can you provide an example on how to filter out http.cookies.CookieError? thanks |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:59:45 | admin | set | github: 88270 |
2021-05-13 15:13:28 | ra1nb0w | set | messages: + msg393585 |
2021-05-13 05:32:04 | ra1nb0w | set | status: open -> closed resolution: not a bug messages: + msg393555 stage: resolved |
2021-05-12 17:57:38 | jaswdr | set | nosy:
+ jaswdr messages: + msg393539 |
2021-05-10 18:31:00 | ra1nb0w | create |