From 12dfae1850ee2a4b317ec68cba0d1780efda84d6 Mon Sep 17 00:00:00 2001
From: Michael Nitschinger
Date: Wed, 3 Jul 2024 11:38:44 +0200
Subject: [PATCH] Set-Cookie names must not be lowercase

This changeset aligns the "Set-Cookie" propertie names with the RFC6265 in the sense that according to syntax (see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-4.1.1) all the names must uppercase the first character. Most browsers are lax in how they interpret the cookies so the old behavior should not cause any issues, but its better to align with the spec.
---
 .../servicetalk/http/api/DefaultHttpSetCookie.java | 14 +++++++-------
 .../http/api/DefaultHttpSetCookieTest.java | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpSetCookie.java b/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpSetCookie.java
index 12d40a135d..ba2e619fa9 100644
--- a/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpSetCookie.java
+++ b/servicetalk-http-api/src/main/java/io/servicetalk/http/api/DefaultHttpSetCookie.java
@@ -34,13 +34,13 @@
 * Default implementation of {@link HttpSetCookie}.
 */
 public final class DefaultHttpSetCookie implements HttpSetCookie {
- private static final String ENCODED_LABEL_DOMAIN = "; domain=";
- private static final String ENCODED_LABEL_PATH = "; path=";
- private static final String ENCODED_LABEL_EXPIRES = "; expires=";
- private static final String ENCODED_LABEL_MAX_AGE = "; max-age=";
- private static final String ENCODED_LABEL_HTTP_ONLY = "; httponly";
- private static final String ENCODED_LABEL_SECURE = "; secure";
- private static final String ENCODED_LABEL_SAMESITE = "; samesite=";
+ private static final String ENCODED_LABEL_DOMAIN = "; Domain=";
+ private static final String ENCODED_LABEL_PATH = "; Path=";
+ private static final String ENCODED_LABEL_EXPIRES = "; Expires=";
+ private static final String ENCODED_LABEL_MAX_AGE = "; Max-Age=";
+ private static final String ENCODED_LABEL_HTTP_ONLY = "; HttpOnly";
+ private static final String ENCODED_LABEL_SECURE = "; Secure";
+ private static final String ENCODED_LABEL_SAMESITE = "; SameSite=";
 private final CharSequence name;
 private final CharSequence value;
diff --git a/servicetalk-http-api/src/test/java/io/servicetalk/http/api/DefaultHttpSetCookieTest.java b/servicetalk-http-api/src/test/java/io/servicetalk/http/api/DefaultHttpSetCookieTest.java
index 81a7528cab..6bbdc1a87f 100644
--- a/servicetalk-http-api/src/test/java/io/servicetalk/http/api/DefaultHttpSetCookieTest.java
+++ b/servicetalk-http-api/src/test/java/io/servicetalk/http/api/DefaultHttpSetCookieTest.java
@@ -21,6 +21,7 @@
 import static io.servicetalk.http.api.HttpSetCookie.SameSite.Lax;
 import static io.servicetalk.http.api.HttpSetCookie.SameSite.None;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.not;
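Review bot: Nothing beside the `ENCODED_LABEL_*` constants in `DefaultHttpSetCookie` records that the new casing is a wire-format choice rather than a semantic one, and the commit changes the exact bytes of every encoded `Set-Cookie` value. RFC 6265 has user agents match attribute names case-insensitively, so browsers are unaffected, but anything that compares the encoded string case-sensitively (header-audit checks for `; secure` or `; httponly`, log detections, downstream tests) will stop matching and should be called out in the release notes. I would add a comment above the block such as `// Casing follows the Set-Cookie grammar in RFC 6265bis section 4.1.1; consumers must match attribute names case-insensitively.` The class body continues outside the hunk, so whether any parsing path reuses these constants cannot be confirmed from here.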
@@ -81,4 +82,17 @@ void testNotEqual() {
 is(not(new DefaultHttpSetCookie("foo", "bar", "/path", "docs.servicetalk.io", null, 1L, None, true, false, true).hashCode())));
 }
+
+ @Test
+ void testUppercaseNames() {
+ String encoded = new DefaultHttpSetCookie("foo", "bar", "myPath", "myDomain", "10", 10L, Lax,
+ false, true, true).encoded().toString();
+ assertThat(encoded, containsString("Path=myPath"));
+ assertThat(encoded, containsString("Domain=myDomain"));
+ assertThat(encoded, containsString("Expires=10"));
+ assertThat(encoded, containsString("Max-Age=10"));
+ assertThat(encoded, containsString("SameSite=Lax"));
+ assertThat(encoded, containsString("HttpOnly"));
+ assertThat(encoded, containsString("Secure"));
+ }
 }
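Review bot: The `containsString("Secure")` and `containsString("HttpOnly")` assertions in `testUppercaseNames` match the bare word anywhere in the encoded value, so they would still pass if the `; ` delimiter were dropped or the same text appeared inside another attribute. Matching with the delimiter, e.g. `assertThat(encoded, containsString("; Secure"));` and `assertThat(encoded, containsString("; HttpOnly"));`, or comparing the whole encoded string once, pins the wire format this change is about. The test also only covers the case where both flags are set. A companion assertion that a cookie built with them disabled does not contain `; Secure` or `; HttpOnly` would catch an encoder regression that emits the flags unconditionally.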