[Django] #20557: Mangled Cookies on Python 3
Django
-------------------------------+--------------------
Reporter: mitsuhiko | Owner: nobody
Type: Uncategorized | Status: new
Component: HTTP handling | Version: 1.5
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
The WSGI spec mangles the strings when they go into the environment. This
not only affects QUERY_STRING, PATH_INFO and SCRIPT_NAME, it also affects
headers that are not latin1. This for instance applies to the HTTP_COOKIE
header. When you set a cookie named ``förmlich="nährhaft"`` with
JavaScript, Django will give you a mangled value.
The correct solution on Python 3 is to encode it back to latin1 and decode
it from utf-8 as browsers do.
--
Ticket URL: <https://code.djangoproject.com/ticket/20557>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: mitsuhiko | Owner: aaugustin
Type: Uncategorized | Status: assigned
Component: HTTP handling | Version: 1.5
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by aaugustin):
* status: new => assigned
* needs_better_patch: => 0
* needs_tests: => 0
* owner: nobody => aaugustin
* needs_docs: => 0
* stage: Unreviewed => Accepted
Comment:
Agreed, that's what Django should do.
(I don't remember how this works currently.)
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:1>
Django
Reporter: mitsuhiko | Owner: aaugustin
Type: Uncategorized | Status: assigned
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by mitsuhiko):
I just noticed that the stdlib module has some issues with unicode on
Python 3. I am going to investigate how I'm going to solve this in
Werkzeug and will link you the solution once I have one.
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:2>
Django
Reporter: mitsuhiko | Owner: aaugustin
Type: Uncategorized | Status: assigned
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by mitsuhiko):
This is the solution I ended up with in Werkzeug for the time being:
https://github.com/mitsuhiko/werkzeug/commit/cf048aad79faa4675f8d90ab57928dc3e09808cb
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:3>
Django
Reporter: mitsuhiko | Owner: aaugustin
Component: HTTP handling | Version: 1.5
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by aaugustin):
* type: Uncategorized => Bug
Comment:
We reached roughly the same conclusion; we just piled hacks upon hacks
instead of rewriting the whole thing like you did...
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:4>
Django
Reporter: mitsuhiko | Owner: aaugustin
Component: HTTP handling | Version: 1.5
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Aymeric Augustin <aymeric.augustin@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"8aaca651cf5732bbf395d24a7d9f2edfab00250c"]:
{{{
#!CommitTicketReference repository=""
revision="8aaca651cf5732bbf395d24a7d9f2edfab00250c"
Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
Thanks mitsuhiko for the report.
Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:5>
Django
Reporter: mitsuhiko | Owner: aaugustin
Type: Bug | Status: closed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Aymeric Augustin <aymeric.augustin@…>):
In [changeset:"fac5735a3daffb82b67ff489f0c963eaf953f6e7"]:
{{{
#!CommitTicketReference repository=""
revision="fac5735a3daffb82b67ff489f0c963eaf953f6e7"
[1.6.x] Fixed #20557 -- Properly decoded non-ASCII cookies on Python 3.
Thanks mitsuhiko for the report.
Non-ASCII values are supported. Non-ASCII keys still aren't, because the
current parser mangles them. That's another bug.
Simplified backport of 8aaca651 and f5add47 from master.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:6>
Django
Reporter: mitsuhiko | Owner: aaugustin
Type: Bug | Status: closed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Aymeric Augustin <aymeric.augustin@…>):
In [changeset:"f5add4712f684a78215263771b8acaeb48e64a81"]:
{{{
#!CommitTicketReference repository=""
revision="f5add4712f684a78215263771b8acaeb48e64a81"
Fixed tests introduced in previous commit on Python 2. Refs #20557.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20557#comment:7>