Handle broken cookies from other sites in domain

If a web application in a wider domain sets a cookie that python doesn't like, a CookieError would be raised to ruin the whole request. Address by subclassing SimpleCookie to catch the cookie error and set an empty Morsel rather than fail out. This allows the errant cookie to be ignored while still being able to check for the cookie that we actually care about.
2024-11-25 19:10:10 +00:00 · 2015-01-21 16:20:55 -05:00 · 2015-01-21 16:20:55 -05:00 · a9eab61567
commit a9eab61567
parent a366520670
1 changed files with 9 additions and 1 deletions
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@ -48,6 +48,14 @@ opmap = {
    'DELETE': 'delete',
 }

+class RobustCookie(Cookie.SimpleCookie):
+    # this is very bad form, but BaseCookie has a terrible flaw
+    def _BaseCookie__set(selfself, K, rval, cval):
+        try:
+            super(RobustCookie, self)._BaseCookie__set(K, rval, cval)
+        except Cookie.CookieError:
+            # empty value if SimpleCookie rejects
+            dict.__setitem__(self, K, Cookie.Morsel())

 def group_creation_resources():
    yield confluent.messages.Attributes(
@ -154,7 +162,7 @@ def _authorize_request(env, operation):
    cookie = Cookie.SimpleCookie()
    if 'HTTP_COOKIE' in env:
        #attempt to use the cookie.  If it matches
-        cc = Cookie.SimpleCookie()
+        cc = RobustCookie()
        cc.load(env['HTTP_COOKIE'])
        if 'confluentsessionid' in cc:
            sessionid = cc['confluentsessionid'].value