mirror of https://github.com/xcat2/confluent.git synced 2025-01-15 12:17:47 +00:00

Sanitize cookies

If an invalid cookie from another site breaks the cookie jar,
then sanitize it.

https://bugs.python.org/issue31456

Performance enhancement through setting a header in javascript in
lieu of cookie parsing seems a wise move for the future.
Jarrod Johnson 2020-10-24 11:10:52 -04:00
parent 8b5744b7eb
commit 3ac6677d2d

@ -286,7 +286,8 @@ def _authorize_request(env, operation):
if 'HTTP_COOKIE' in env:
#attempt to use the cookie. If it matches
cc = RobustCookie()
cc.load(env['HTTP_COOKIE'])
sanitized = '; '.join([x.strip().replace(' ', '_') for x in env['HTTP_COOKIE'].split(';')])
cc.load(sanitized)
if 'confluentsessionid' in cc:
sessionid = cc['confluentsessionid'].value
sessid = sessionid
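
Review bot: The `sanitized = ...` line replaces spaces in the whole of each `;`-separated pair, so cookie values are rewritten along with names, including the value later read back through `cc['confluentsessionid'].value`. If a session id can ever contain a space it would come back with underscores and no longer match, and a quoted value that itself contains `;` is split in the middle. Consider applying the replacement only to the part before the first `=` in each pair, and add a short comment above the line pointing at https://bugs.python.org/issue31456 so the reason for the rewrite is visible in the code and not only in the commit message. The surviving comment `#attempt to use the cookie. If it matches` is also cut off mid-sentence and could be completed while touching this block.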