[issue28378] urllib2 does not handle cookies with `,`

2016-10-06 Thread Grzegorz Sikorski 

New submission from Grzegorz Sikorski:

I have a usecase when the server sends two cookies in separate `Set-Cookie` 
headers. One of the cookie includes a `,` (comma). It seems this is not handled 
properly, as the library always try to fold multiple headers with the same name 
into a single comma-separated string. While this is valid for other header 
fields, `Set-Cookie` should never be folded, as RFC 6265 says:
```
   Origin servers SHOULD NOT fold multiple Set-Cookie header fields into
   a single header field.  The usual mechanism for folding HTTP headers
   fields (i.e., as defined in [RFC2616]) might change the semantics of
   the Set-Cookie header field because the %x2C (",") character is used
   by Set-Cookie in a way that conflicts with such folding.
```

--
components: Library (Lib)
messages: 278196
nosy: Grzegorz Sikorski
priority: normal
severity: normal
status: open
title: urllib2 does not handle cookies with `,`
type: behavior

___
Python tracker 
<http://bugs.python.org/issue28378>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28378] urllib2 does not handle cookies with `,`

2016-10-07 Thread Grzegorz Sikorski 

Grzegorz Sikorski added the comment:

It looks urllib2 works with this scenario, but upper level request fails.

--

___
Python tracker 
<http://bugs.python.org/issue28378>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28378] urllib2 does not handle cookies with `,`

2016-10-12 Thread Grzegorz Sikorski 

Grzegorz Sikorski added the comment:

I was debugging this and found out that urllib2 works more-less correct. The 
only problem I would see is referring to the header by 
`res.headers['Set-Cookie']`, as it returns comma-separated string, which cannot 
be processed properly in case the cookie value includes the `,` (see attached 
example). IMO this should return a tuple instead of single string, but as I 
said is minor.

More issues I found with actual `requests` library, as it does not send cookies 
if the server response with 302 (redirect). Again, this may not be related to 
the urllib at all.

--
Added file: http://bugs.python.org/file45064/test.py

___
Python tracker 
<http://bugs.python.org/issue28378>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28378] urllib2 does not handle cookies with `,`

2016-10-12 Thread Grzegorz Sikorski 

Grzegorz Sikorski added the comment:

I attach example express/nodejs server which by default returns a cookie with 
the comma (see expiry time format). The output from the python test file I 
posted in previous message is:
```
python test.py 
cookie1=exampleCookie; Path=/, cookie2=cookie%20with%20comma; Max-Age=60; 
Path=/; Expires=Wed, 12 Oct 2016 10:24:06 GMT; HttpOnly; Secure
###
X-Powered-By: Express
Set-Cookie: cookie1=exampleCookie; Path=/
Set-Cookie: cookie2=cookie%20with%20comma; Max-Age=60; Path=/; Expires=Wed, 12 
Oct 2016 10:24:06 GMT; HttpOnly; Secure
Date: Wed, 12 Oct 2016 10:23:06 GMT
Connection: close
Content-Length: 0
```

--
Added file: http://bugs.python.org/file45065/test.js

___
Python tracker 
<http://bugs.python.org/issue28378>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com