[issue37522] http.cookies.SimpleCookie doesn't seem to be parsed using regulars
New submission from MeiK :
In Python's built-in SimpleCookie[1], regular expressions are used to parse
cookies, which seems to be a non-standard way.
I looked at the RFC documentation related to cookie resolution: rfc2109[2] and
rfc6265[3], the former has been replaced by the latter. These documents
stipulate that cookies should be split with a semicolon, just like
http.cookiejar.parse_ns_headers[4].
But if we use the approach described in the documentation, then there will be a
set of tests that fail[5].
Current:
>>> print(SimpleCookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"’))
Set-Cookie: keebler="E=mc2; L=\"Loves\"; fudge=\012;"
Modified:
>>> print(SimpleCookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"’))
Set-Cookie: keebler="E=mc2
Is this a bug? Should it be modified?
English is not my native language; please excuse typing errors.
[1]: https://github.com/python/cpython/blob/master/Lib/http/cookies.py#L536
[2]: https://www.ietf.org/rfc/rfc2109.txt
[3]: https://www.ietf.org/rfc/rfc6265.txt
[4]: https://github.com/python/cpython/blob/master/Lib/http/cookiejar.py#L453
[5]:
https://github.com/python/cpython/blob/master/Lib/test/test_http_cookies.py#L19
--
components: Extension Modules
messages: 347494
nosy: MeiK
priority: normal
severity: normal
status: open
title: http.cookies.SimpleCookie doesn't seem to be parsed using regulars
type: enhancement
versions: Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.org/issue37522>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue37522] http.cookies.SimpleCookie doesn't seem to be parsed using regulars
Change by MeiK : -- keywords: +patch pull_requests: +14577 stage: -> patch review pull_request: https://github.com/python/cpython/pull/14781 ___ Python tracker <https://bugs.python.org/issue37522> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35824] http.cookies._CookiePattern modifying regular expressions
Change by MeiK : -- components: Extension Modules nosy: MeiK priority: normal severity: normal status: open title: http.cookies._CookiePattern modifying regular expressions type: enhancement ___ Python tracker <https://bugs.python.org/issue35824> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35824] http.cookies._CookiePattern modifying regular expressions
New submission from MeiK : http.cookies.BaseCookie[1] can't parse Expires in this format like Expires=Thu,31 Jan 2019 05:56:00 GMT;(Less space after Thu,). I encountered this problem in actual use, Chrome, IE and Firefox can parse this string normally. Many languages, such as JavaScript, can also parse this data automatically. I built a test site using Flask: https://paste.ubuntu.com/p/K7Z4K4KH7Z/, Use curl and requests to get cookies correctly, but not with aiohttp (because it uses http.cookies.BaseCookie). Looking at MDN[2] and rfc[3](Thanks tirkarthi), this doesn't seem to be a canonical behavior, But some Java WEB frameworks will produce this behavior (such as the one that caused me to find the problem). This problem can be solved by modifying a regular expression[4], but I don't know if it should be compatible with this non-standard way of writing. English is not my native language; please excuse typing errors. [1] https://github.com/python/cpython/blob/master/Lib/http/cookies.py#L457 [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives [3] https://tools.ietf.org/html/rfc6265#section-4.1.1 [4] https://github.com/python/cpython/blob/master/Lib/http/cookies.py#L444 -- ___ Python tracker <https://bugs.python.org/issue35824> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35824] http.cookies._CookiePattern modifying regular expressions
MeiK added the comment: You are right, I saw the agreed way of parsing in RFC6265[1], it seems that you should not use regular expressions. I used http.cookiejar to update the code, but it failed to pass the test: https://github.com/python/cpython/blob/master/Lib/test/test_http_cookies.py#L19. However, other languages and libraries (JavaScript, Requests, http.cookiejar, etc.) cannot parse it. It seems that the contents of the brackets should be escaped. Is this a wrong test case? I updated the code[2] using http.cookiejar. Is this a good idea? English is not my native language; please excuse typing errors. [1] https://tools.ietf.org/html/rfc6265 [2] https://github.com/python/cpython/pull/11665/commits/a03bc75348a4041c7411da3175689c087a98789f -- ___ Python tracker <https://bugs.python.org/issue35824> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35824] http.cookies._CookiePattern modifying regular expressions
MeiK added the comment: I found that using http.cookiejar.parse_ns_headers would cause some of the previous tests to fail, and if you think this method is workable, I can follow it to write a new one and pass all the tests. -- nosy: -martin.panter, xtreak ___ Python tracker <https://bugs.python.org/issue35824> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
