[undertow-dev] HttpServletRequestImpl.getCookies() fails when a single cookie is invalid
Stuart Douglas
sdouglas at redhat.com
Thu Apr 16 19:08:28 EDT 2015
This should already be fixed in the 1.2 branch:
https://github.com/undertow-io/undertow/commit/2919457
Stuart
----- Original Message -----
> From: "Piotr Betkier" <pbetkier at gmail.com>
> To: undertow-dev at lists.jboss.org
> Sent: Thursday, 16 April, 2015 7:03:13 AM
> Subject: [undertow-dev] HttpServletRequestImpl.getCookies() fails when a single cookie is invalid
>
> Hello,
>
> I have a suggestion on improving the mechanism for providing cookies in
> io.undertow.servlet.spec.HttpServletRequestImpl using getCookies() method.
>
> Often not all of the cookies sent by the user are under the control of the
> application accessing them. It may happen that one of the cookies is not a
> valid cookie as being validated in javax.servlet.http.Cookie constructor.
> Currently, in case of an invalid cookie among the cookies received in a
> request, getCookies() method would propagate the IllegalArgumentException
> thrown from Cookie constructor when instantiating a cookie with invalid
> name, preventing the user from accessing the rest of the cookies which were
> valid.
>
> My proposition is to ignore invalid cookies in getCookies() method, just
> logging such incident, instead of failing on them and returning all the
> valid cookies to the method caller.
>
> What do you think about this? If you agree then I'll be happy to provide a
> pull-request for that.
>
> Cheers,
> Piotr Betkier
>
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
More information about the undertow-dev
mailing list