Skip empty cookie records. Add tests.

Accept bare cookies
2023-10-14 20:03:43 +01:00 · 2023-10-14 18:27:26 +00:00
2 changed files with 21 additions and 3 deletions
--- a/sanic/cookies/request.py
+++ b/sanic/cookies/request.py
@@ -73,12 +73,16 @@ def parse_cookie(raw: str) -> Dict[str, List[str]]:
    cookies: Dict[str, List[str]] = {}

    for token in raw.split(";"):
-        name, __, value = token.partition("=")
+        name, sep, value = token.partition("=")
        name = name.strip()
        value = value.strip()

+        # Support cookies =value or plain value with no name
+        # https://github.com/httpwg/http-extensions/issues/159
+        if not sep:
            if not name:
-            continue
+                continue  # Empty value like ;; or a cookie header with no value
+            name, value = "", name

        if COOKIE_NAME_RESERVED_CHARS.search(name):  # no cov
            continue
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -11,6 +11,20 @@ from sanic.cookies.request import CookieRequestParameters
 from sanic.exceptions import ServerError
 from sanic.response import text
 from sanic.response.convenience import json
+from sanic.cookies.request import parse_cookie
+
+def test_request_cookies():
+    cdict = parse_cookie("foo=one; foo=two; abc = xyz;;bare;=bare2")
+    assert cdict == {
+        "foo": ["one", "two"],
+        "abc": ["xyz"],
+        "": ["bare", "bare2"],
+    }
+    c = CookieRequestParameters(cdict)
+    assert c.getlist("foo") == ["one", "two"]
+    assert c.getlist("abc") == ["xyz"]
+    assert c.getlist("") == ["bare", "bare2"]
+    assert c.getlist("bare") == None   # [] might be sensible but we got None for now


 # ------------------------------------------------------------ #
Author	SHA1	Message	Date
L. Kärkkäinen	a202435283	Skip empty cookie records. Add tests.	2023-10-14 20:03:43 +01:00
L. Kärkkäinen	6d433af406	Accept bare cookies	2023-10-14 18:27:26 +00:00