Trim trailing whitespace in cookie value: JavaNetCookieJar to avoid crash (#9374)

vansh1sh · web-flow · commit 2ae6e02c2efa · 2026-03-19T07:46:39.000Z
* Trim cookie value in JavaNetCookieJar to avoid crash (#9373) * Add receiveAndSendUntrimmedCookie regression test
diff --git a/okhttp-java-net-cookiejar/src/main/kotlin/okhttp3/java/net/cookiejar/JavaNetCookieJar.kt b/okhttp-java-net-cookiejar/src/main/kotlin/okhttp3/java/net/cookiejar/JavaNetCookieJar.kt
@@ -112,6 +112,9 @@ class JavaNetCookieJar(
         value = value.substring(1, value.length - 1)
       }
 
+      // Minimal normalisation so Cookie.Builder doesn't crash on values like "abc123 ".
+      value = value.trim()
+
       result.add(
         Cookie
           .Builder()
diff --git a/okhttp/src/jvmTest/kotlin/okhttp3/CookiesTest.kt b/okhttp/src/jvmTest/kotlin/okhttp3/CookiesTest.kt
@@ -378,6 +378,62 @@ class CookiesTest {
     assertThat(request.headers["Quux"]).isNull()
   }
 
+  @Test
+  fun cookieHandlerWithQuotedValueAndTrailingSpace() {
+    server.enqueue(MockResponse())
+    val serverUrl = urlWithIpAddress(server, "/")
+    val androidCookieHandler: CookieHandler =
+      object : CookieHandler() {
+        override fun get(
+          uri: URI,
+          map: Map<String, List<String>>,
+        ) = mapOf(
+          "Cookie" to
+            listOf(
+              "a=\"android \"",
+            ),
+        )
+
+        override fun put(
+          uri: URI,
+          map: Map<String, List<String>>,
+        ) {
+        }
+      }
+    client =
+      client
+        .newBuilder()
+        .cookieJar(JavaNetCookieJar(androidCookieHandler))
+        .build()
+    get(serverUrl)
+    val request = server.takeRequest()
+    assertThat(request.headers["Cookie"]).isEqualTo("a=android")
+    assertThat(request.headers["Quux"]).isNull()
+  }
+
+  @Test
+  fun receiveAndSendUntrimmedCookie() {
+    server.enqueue(
+      MockResponse
+        .Builder()
+        .addHeader("Set-Cookie", "a=\"android \"")
+        .build(),
+    )
+    server.enqueue(MockResponse())
+    val cookieManager = CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER)
+    client =
+      client
+        .newBuilder()
+        .cookieJar(JavaNetCookieJar(cookieManager))
+        .build()
+    get(urlWithIpAddress(server, "/"))
+    val request1 = server.takeRequest()
+    assertThat(request1.headers["Cookie"]).isNull()
+    get(urlWithIpAddress(server, "/"))
+    val request2 = server.takeRequest()
+    assertThat(request2.headers["Cookie"]).isEqualTo("a=android")
+  }
+
   private fun urlWithIpAddress(
     server: MockWebServer,
     path: String,

Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,9 @@ class JavaNetCookieJar(`
`112`	`112`	`value = value.substring(1, value.length - 1)`
`113`	`113`	`}`
`114`	`114`
	`115`	`+ // Minimal normalisation so Cookie.Builder doesn't crash on values like "abc123 ".`
	`116`	`+ value = value.trim()`
	`117`	`+`
`115`	`118`	`result.add(`
`116`	`119`	`Cookie`
`117`	`120`	`.Builder()`