(tomcat) 02/04: Output cookie attributes with the value "" as bare attribute names

markt Fri, 15 Mar 2024 11:50:24 -0700

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


commit 8b766b3ce2d3942a1a3027a8902df010eb9589d5
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Mar 15 17:12:20 2024 +0000

    Output cookie attributes with the value "" as bare attribute names
    
    e.g. ...; Partitioned; Secure; HttpOnly; SomeNewAttribute;...
    This will simplify future support for similar new attributes by removing
    the need for special handling.
---
 java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java | 10 +++++++---
 webapps/docs/changelog.xml                                   |  7 +++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 
b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 05a712ecb5..acdec29e78 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -41,6 +41,8 @@ public class Rfc6265CookieProcessor extends 
CookieProcessorBase {
     private static final StringManager sm =
             
StringManager.getManager(Rfc6265CookieProcessor.class.getPackage().getName());
 
+    private static final String EMPTY_STRING = "";
+
     private static final BitSet domainValid = new BitSet(128);
 
     static {
@@ -183,7 +185,7 @@ public class Rfc6265CookieProcessor extends 
CookieProcessorBase {
                 header.append("; Partitioned");
             }
         } else {
-            if (Boolean.parseBoolean(cookiePartitioned)) {
+            if (EMPTY_STRING.equals(cookiePartitioned)) {
                 header.append("; Partitioned");
             }
         }
@@ -206,8 +208,10 @@ public class Rfc6265CookieProcessor extends 
CookieProcessorBase {
                     validateAttribute(entry.getKey(), entry.getValue());
                     header.append("; ");
                     header.append(entry.getKey());
-                    header.append('=');
-                    header.append(entry.getValue());
+                    if (!EMPTY_STRING.equals(entry.getValue())) {
+                        header.append('=');
+                        header.append(entry.getValue());
+                    }
                 }
             }
         }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1f7c2bf776..042b5376d7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -128,6 +128,13 @@
         will scale back to the configured <code>minSpareThreads</code> size.
         (remm)
       </fix>
+      <update>
+        Adjust the <code>Set-Cookie</code> header generated by the
+        <code>Rfc6265CookieProcessor</code> so that attributes with a value of
+        the empty string will be output as bare attribute names without an
+        equals sign or value. This will simplify future support for similar new
+        attributes by removing the need for special handling. (markt)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 02/04: Output cookie attributes with the value "" as bare attribute names

Reply via email to