mitmproxy icon indicating copy to clipboard operation
mitmproxy copied to clipboard
verified publisher icon mitmproxy

Parse set header cookies properly

Open Speedlulu opened this issue 4 years ago • 1 comments

Description

Currently when an empty cookie attribute (Secure, HttpOnly ...) is encountered while parsing a Set-Cookie header it will create a CookieAttrs object containing a (key, value) pair with an empty string for the attribute value ie:

CookieAttrs[('Secure', ''), ('HttpOnly', ''), ('Path', '/')]

Resulting in an updated Set-Cookie header for the Response object with invalid values for those empty attributes ie:

(b'SetCookie', b'value=XYZ; Secure=; HttpOnly=; Path=/')

My browser (Firefox 95.0.1) does not pickup these attributes so the cookie looses them.

This fix replaces the empty string attribute for empty cookie attributes by the value None ie:

CookieAttrs[('Secure', None), ('HttpOnly', None), ('Path', '/')]

So that they can be told apart from attributes with intentional empty string values when setting the updated header, which results in a properly formatted header:

(b'SetCookie', b'value=XYZ; Secure; HttpOnly; Path=/')

Checklist

  • [x] I have updated tests where applicable.
  • [x] I have added an entry to the CHANGELOG.

Speedlulu avatar Jan 21 '22 16:01 Speedlulu

Just a +1 from me, this fixed an website found on the wild.

bratao avatar Feb 08 '22 03:02 bratao