About http POST Response.headers set-cookie #362

Closed
jet10000 opened this issue Jan 9, 2020 · 6 comments
jet10000 commented Jan 9, 2020

api server: Django3.0.2
client test: dio: 3.0.8 and http: ^0.12.0

I tested login with code like this:

import 'package:dio/dio.dart';
import 'package:http/http.dart' as http;
import 'package:flutter_test/flutter_test.dart';

void main() {
  test('test django login view', () async {
    try {

      // dio GET
      Response response = await Dio().get("http://localhost:8000/login/form/");
      var token = response.data['form']['csrfmiddlewaretoken'];

      Map<String, dynamic> headers = new Map();
      headers['Cookie'] = "csrftoken=$token";
      Options options = new Options(headers: headers);
      FormData _formData = FormData.fromMap({
        "csrfmiddlewaretoken": token,
        "username": "user",
        "password": "pass",
      });

      // http POST
      var response3 =
          await http.post("http://localhost:8000/admin/login/", headers: {'Cookie': "csrftoken=$token"}, body: {
        "csrfmiddlewaretoken": token,
        "username": "user",
        "password": "pass",
      });
      print(response3.headers);

      // dio POST
      Response response2 = await Dio().post(
          "http://localhost:8000/admin/login/",
          data: _formData,
          options: options);
      print(response2.statusCode);

    } on DioError catch (e) {
      print(e.response.headers);
    }
  });
}

http response.headers

{set-cookie: csrftoken=MFtHG4hE6oykFfQT5AaSkElF6S4H27bDV5inj3R9puhL3TjbnUyMm7f04z01BJSg; expires=Thu, 07 Jan 2021 12:05:07 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=i61c6ywod07tnr0k0lvz3tvimc7zrgyv; expires=Thu, 23 Jan 2020 12:05:07 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax, location: /, cache-control: max-age=0, no-cache, no-store, must-revalidate, private, date: Thu, 09 Jan 2020 12:05:07 GMT, vary: Cookie, content-length: 0, x-frame-options: DENY, content-type: text/html; charset=utf-8, x-content-type-options: nosniff, server: WSGIServer/0.2 CPython/3.7.6, expires: Thu, 09 Jan 2020 12:05:07 GMT}

dio response.headers

set-cookie: csrftoken=w5MntTzt0TLzC7S2pMNXkBwgEA4gBr1jom2kUWdAu7IADeU2CnJtx7iQt9A4AIeR; expires=Thu, 07 Jan 2021 12:05:07 GMT; Max-Age=31449600; Path=/; SameSite=Lax
set-cookie: sessionid=q7orsy8koxk7beok8gjmqibf9jm8odn1; expires=Thu, 23 Jan 2020 12:05:07 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
location: /
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
date: Thu, 09 Jan 2020 12:05:07 GMT
vary: Cookie
content-length: 0
x-frame-options: DENY
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
server: WSGIServer/0.2 CPython/3.7.6
expires: Thu, 09 Jan 2020 12:05:07 GMT

I found that dio's response.headers has two set-cookie entries, but http's response.headers has only one! The bug is caused by "SameSite=Lax,sessionid=i61c6ywod07tnr0k0lvz3tvimc7zrgyv;" in http's response.headers; this caused me not to parse set-cookie correctly.

I tested using the Chrome browser; the response headers follow and have two Set-Cookie entries:

Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Thu, 09 Jan 2020 12:08:49 GMT
Expires: Thu, 09 Jan 2020 12:08:49 GMT
Location: /admin/
Server: WSGIServer/0.2 CPython/3.7.6
Set-Cookie: csrftoken=DNJgrZqU6vqXwUP0jUiizADUBgQx4JhiSEb6Cyv0ugh787w6HKs8GhyTrte5ZE6N; expires=Thu, 07 Jan 2021 12:08:49 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: sessionid=0dth5wsuvzvmy5up7353hfzr94nujyei; expires=Thu, 23 Jan 2020 12:08:49 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
@jet10000
Author

#24

#156

@D10100111001

Ran into the same exact issue. My solution right now is to split the set-cookie header value with this RegExp: (?<=)(,)(?=[^;]+?=).

fragaLY commented May 6, 2020

I've tested with only one set-cookie header. The problem is the same.

Could someone please provide any fixes?
Up topic, please.

@darkstarx

io_client.dart

      var headers = <String, String>{};
      response.headers.forEach((key, values) {
        headers[key] = values.join(',');  ///< HERE IS THE BUG!!!
      });

Dear developers,
please change how the values are filled to something like this:

        headers[key] = values;

Thanks!

DrobyshevAlex commented Nov 26, 2020

I split cookies

var exp = RegExp(r',(?=[^ ])');
var cookies = cookieHeader.split(exp);

@brianquinlan
Collaborator

This is a duplicate of the issue #24, which has been fixed.
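
An added example (not code from any commenter, package:http or dio) of splitting the comma-joined set-cookie value discussed in this thread, so that sessionid and its HttpOnly flag are not read as attributes of csrftoken. The names splitSetCookie, parseCookie and ParsedCookie are hypothetical, and the sample header is constructed.

```dart
// Added example: hypothetical helpers, not part of package:http or dio.

// Split only at a comma that starts a new "name=" pair. The comma inside
// "expires=Thu, 07 Jan 2021 ..." is followed by a date with no '=' before
// the next space, so it is not a boundary. Assumes cookie values contain
// no commas, which RFC 6265 does not allow in cookie-value.
final _boundary = RegExp(r',\s*(?=[^;,=\s]+=)');

List<String> splitSetCookie(String folded) =>
    folded.split(_boundary).map((c) => c.trim()).toList();

class ParsedCookie {
  final String name, value;
  final Map<String, String> attrs; // keys lower-cased; flags map to ''
  ParsedCookie(this.name, this.value, this.attrs);
}

ParsedCookie parseCookie(String setCookie) {
  final parts = setCookie.split(';').map((p) => p.trim()).toList();
  final eq = parts.first.indexOf('=');
  if (eq <= 0) throw FormatException('missing cookie name', setCookie);
  final attrs = <String, String>{};
  for (final attr in parts.skip(1).where((a) => a.isNotEmpty)) {
    final i = attr.indexOf('=');
    // Flag attributes such as HttpOnly carry no '=' and no value.
    final key = (i < 0 ? attr : attr.substring(0, i)).toLowerCase();
    attrs[key] = i < 0 ? '' : attr.substring(i + 1);
  }
  return ParsedCookie(
      parts.first.substring(0, eq), parts.first.substring(eq + 1), attrs);
}

void main() {
  // Constructed sample shaped like the folded header in the issue,
  // with placeholder token values.
  const folded = 'csrftoken=AAAA; expires=Thu, 07 Jan 2021 12:05:07 GMT; '
      'Max-Age=31449600; Path=/; SameSite=Lax,'
      'sessionid=BBBB; expires=Thu, 23 Jan 2020 12:05:07 GMT; '
      'HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax';
  for (final raw in splitSetCookie(folded)) {
    final c = parseCookie(raw);
    print('${c.name}: HttpOnly=${c.attrs.containsKey('httponly')}, '
        'expires=${c.attrs['expires']}');
  }
}
```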
