KTOR-8343 Fix: Store client header cookies with RAW encoding to prevent value alteration

Author: rururux

ktor-client/ktor-client-core/common/src/io/ktor/client/plugins/cookies/HttpCookies.kt

@@ -53,7 +53,9 @@ public class HttpCookies internal constructor(
             val url = builder.url.clone().build()
             val cookies = headers[HttpHeaders.Cookie]?.let { cookieHeader ->
                 LOGGER.trace("Saving cookie $cookieHeader for ${builder.url}")
-                parseClientCookiesHeader(cookieHeader).map { (name, encodedValue) -> Cookie(name, encodedValue) }
+                parseClientCookiesHeader(cookieHeader).map { (name, encodedValue) ->
+                    Cookie(name, encodedValue, encoding = CookieEncoding.RAW)
+                }
             }
             cookies?.forEach { storage.addCookie(url, it) }
         }

ktor-client/ktor-client-core/common/test/CookiesTest.kt

@@ -96,4 +96,22 @@ class CookiesTest {
 
         assertNull(builder.headers[HttpHeaders.Cookie])
     }
+
+    @Test
+    fun testCapturedHeaderCookiesStoredAsRawPreserveOriginalHeader() = testSuspend {
+        val feature = HttpCookies(AcceptAllCookiesStorage(), emptyList())
+        val builder = HttpRequestBuilder()
+        val defaultEncodingCookie = Cookie("default", "&%?#=$")
+        val rawEncodingCookie = Cookie("raw", "&%?#=$", encoding = CookieEncoding.RAW)
+        val base64EncodingCookie = Cookie("base64", "&%?#=$", encoding = CookieEncoding.BASE64_ENCODING)
+        val dquotesEncodingCookie = Cookie("dquotes", "&%?#=$", encoding = CookieEncoding.DQUOTES)
+        val cookies = listOf(defaultEncodingCookie, rawEncodingCookie, base64EncodingCookie, dquotesEncodingCookie)
+            .joinToString("; ", transform = ::renderCookieHeader)
+
+        builder.header(HttpHeaders.Cookie, cookies)
+        feature.captureHeaderCookies(builder)
+        feature.sendCookiesWith(builder)
+
+        assertEquals(cookies, builder.headers[HttpHeaders.Cookie])
+    }
 }