Skip to content

Bug: cookie string parsing incorrectly handles attributes without values #3023

New issue
New issue
Open
Open
Bug: cookie string parsing incorrectly handles attributes without values#3023
Labels
Bug 🐛This is something that is not working as expected
@floxay

Description

@floxay
floxay
opened on Jan 24, 2024

Description

The parse_cookie_string() function incorrectly handles attributes without values and will keep only one due to the dictionary conversion.
For example if the cookie contains the HttpOnly and the Secure attributes these will both have an empty string as key and eventually only one of these will be returned.
image

URL to code causing the issue

litestar/litestar/_parsers.py

Lines 50 to 67 in 3dfd6fe

def parse_cookie_string(cookie_string: str) -> dict[str, str]:
"""Parse a cookie string into a dictionary of values.
Args:
cookie_string: A cookie string.
Returns:
A string keyed dictionary of values
"""
cookies = [cookie.split("=", 1) if "=" in cookie else ("", cookie) for cookie in cookie_string.split(";")]
output: dict[str, str] = {
k: unquote(unquote_cookie(v))
for k, v in filter(
lambda x: x[0] or x[1],
((k.strip(), v.strip()) for k, v in cookies),
)
}
return output

MCVE

No response

Steps to reproduce

No response

Screenshots

No response

Logs

No response

Litestar Version

v2.5.1

Platform

  • Linux
  • Mac
  • Windows
  • Other (Please specify in the description above)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bug 🐛This is something that is not working as expected

    Type

    No type

    Projects

    Overview

    Status

    Triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions