2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 03:19:48 +00:00

Handle broken cookies from other sites in domain

If a web application in a wider domain sets a cookie that python
doesn't like, a CookieError would be raised to ruin the whole request.
Address by subclassing SimpleCookie to catch the cookie error and
set an empty Morsel rather than fail out.  This allows the errant
cookie to be ignored while still being able to check for the cookie
that we actually care about.
This commit is contained in:
Jarrod Johnon 2015-01-21 16:20:55 -05:00
parent a366520670
commit a9eab61567

View File

@ -48,6 +48,14 @@ opmap = {
'DELETE': 'delete',
}
class RobustCookie(Cookie.SimpleCookie):
# this is very bad form, but BaseCookie has a terrible flaw
def _BaseCookie__set(selfself, K, rval, cval):
try:
super(RobustCookie, self)._BaseCookie__set(K, rval, cval)
except Cookie.CookieError:
# empty value if SimpleCookie rejects
dict.__setitem__(self, K, Cookie.Morsel())
def group_creation_resources():
yield confluent.messages.Attributes(
@ -154,7 +162,7 @@ def _authorize_request(env, operation):
cookie = Cookie.SimpleCookie()
if 'HTTP_COOKIE' in env:
#attempt to use the cookie. If it matches
cc = Cookie.SimpleCookie()
cc = RobustCookie()
cc.load(env['HTTP_COOKIE'])
if 'confluentsessionid' in cc:
sessionid = cc['confluentsessionid'].value