Remove cookie name decoding

Author: Tratcher

src/Http/Http/src/Internal/RequestCookieCollection.cs

@@ -10,6 +10,9 @@ namespace Microsoft.AspNetCore.Http.Internal
 {
     public class RequestCookieCollection : IRequestCookieCollection
     {
+        private const string EnableCookieNameDecoding = "Microsoft.AspNetCore.Http.EnableCookieNameDecoding";
+        private bool _enableCookieNameDecoding;
+
         public static readonly RequestCookieCollection Empty = new RequestCookieCollection();
         private static readonly string[] EmptyKeys = Array.Empty<string>();
         private static readonly Enumerator EmptyEnumerator = new Enumerator();
@@ -21,14 +24,15 @@ public class RequestCookieCollection : IRequestCookieCollection
 
         public RequestCookieCollection()
         {
+            _enableCookieNameDecoding = AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled;
         }
 
-        public RequestCookieCollection(Dictionary<string, string> store)
+        public RequestCookieCollection(Dictionary<string, string> store) : this()
         {
             Store = store;
         }
 
-        public RequestCookieCollection(int capacity)
+        public RequestCookieCollection(int capacity) : this()
         {
             Store = new Dictionary<string, string>(capacity, StringComparer.OrdinalIgnoreCase);
         }
@@ -57,6 +61,9 @@ public string this[string key]
         }
 
         public static RequestCookieCollection Parse(IList<string> values)
+            => ParseInternal(values, AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled);
+
+        internal static RequestCookieCollection ParseInternal(IList<string> values, bool enableCookieNameDecoding)
         {
             if (values.Count == 0)
             {
@@ -76,7 +83,11 @@ public static RequestCookieCollection Parse(IList<string> values)
                 for (var i = 0; i < cookies.Count; i++)
                 {
                     var cookie = cookies[i];
-                    var name = Uri.UnescapeDataString(cookie.Name.Value);
+                    var name = cookie.Name.Value;
+                    if (enableCookieNameDecoding)
+                    {
+                        name = Uri.UnescapeDataString(name);
+                    }
                     var value = Uri.UnescapeDataString(cookie.Value.Value);
                     store[name] = value;
                 }
@@ -116,17 +127,20 @@ public bool ContainsKey(string key)
             {
                 return false;
             }
-            return Store.ContainsKey(key);
+            return Store.ContainsKey(key)
+                || !_enableCookieNameDecoding && Store.ContainsKey(Uri.EscapeDataString(key));
         }
 
         public bool TryGetValue(string key, out string value)
         {
-            if (Store == null)
+            if (Store == null || key == null)
             {
                 value = null;
                 return false;
             }
-            return Store.TryGetValue(key, out value);
+
+            return Store.TryGetValue(key, out value)
+                || !_enableCookieNameDecoding && Store.TryGetValue(Uri.EscapeDataString(key), out value);
         }
 
         /// <summary>
@@ -229,4 +243,4 @@ public void Reset()
             }
         }
     }
-}
+}

src/Http/Http/src/Properties/AssemblyInfo.cs

@@ -0,0 +1,3 @@
+using System.Runtime.CompilerServices;
+
+[assembly: InternalsVisibleTo("Microsoft.AspNetCore.Http.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]

src/Http/Http/test/RequestCookiesCollectionTests.cs

@@ -1,6 +1,7 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Linq;
 using Microsoft.AspNetCore.Http.Internal;
 using Microsoft.Extensions.Primitives;
@@ -10,30 +11,32 @@ namespace Microsoft.AspNetCore.Http.Tests
 {
     public class RequestCookiesCollectionTests
     {
-        public static TheoryData UnEscapesKeyValues_Data
+        [Theory]
+        [InlineData("key=value", "key", "value")]
+        [InlineData("__secure-key=value", "__secure-key", "value")]
+        [InlineData("key%2C=%21value", "key,", "!value")]
+        [InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
+        [InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
+        [InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
+        public void UnEscapesValues(string input, string expectedKey, string expectedValue)
         {
-            get
-            {
-                // key, value, expected
-                return new TheoryData<string, string, string>
-                {
-                    { "key=value", "key", "value" },
-                    { "key%2C=%21value", "key,", "!value" },
-                    { "ke%23y%2C=val%5Eue", "ke#y,", "val^ue" },
-                    { "base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==" },
-                    { "base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==" },
-                };
-            }
+            var cookies = RequestCookieCollection.Parse(new StringValues(input));
+
+            Assert.Equal(1, cookies.Count);
+            Assert.Equal(Uri.EscapeDataString(expectedKey), cookies.Keys.Single());
+            Assert.Equal(expectedValue, cookies[expectedKey]);
         }
 
         [Theory]
-        [MemberData(nameof(UnEscapesKeyValues_Data))]
-        public void UnEscapesKeyValues(
-            string input,
-            string expectedKey,
-            string expectedValue)
+        [InlineData("key=value", "key", "value")]
+        [InlineData("__secure-key=value", "__secure-key", "value")]
+        [InlineData("key%2C=%21value", "key,", "!value")]
+        [InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
+        [InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
+        [InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
+        public void AppContextSwitchUnEscapesKeyValues(string input, string expectedKey, string expectedValue)
         {
-            var cookies = RequestCookieCollection.Parse(new StringValues(input));
+            var cookies = RequestCookieCollection.ParseInternal(new StringValues(input), enableCookieNameDecoding: true);
 
             Assert.Equal(1, cookies.Count);
             Assert.Equal(expectedKey, cookies.Keys.Single());

src/Http/HttpAbstractions.sln

@@ -81,6 +81,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "RoutingSample.Web", "Routin
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "dependencies", "dependencies", "{793FFE24-138A-4C3D-81AB-18D625E36230}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Server.IISIntegration", "..\Servers\IIS\IISIntegration\src\Microsoft.AspNetCore.Server.IISIntegration.csproj", "{58817E6B-145C-47B7-AC13-513127074AC7}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Server.Kestrel", "..\Servers\Kestrel\Kestrel\src\Microsoft.AspNetCore.Server.Kestrel.csproj", "{0BDB21AA-5F81-4F91-86E0-8435110A3017}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -403,6 +407,30 @@ Global
 		{F4F5D8AF-FBD1-463F-9473-B63AA820A6C4}.Release|x64.Build.0 = Release|Any CPU
 		{F4F5D8AF-FBD1-463F-9473-B63AA820A6C4}.Release|x86.ActiveCfg = Release|Any CPU
 		{F4F5D8AF-FBD1-463F-9473-B63AA820A6C4}.Release|x86.Build.0 = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|x64.Build.0 = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Debug|x86.Build.0 = Debug|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|x64.ActiveCfg = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|x64.Build.0 = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|x86.ActiveCfg = Release|Any CPU
+		{58817E6B-145C-47B7-AC13-513127074AC7}.Release|x86.Build.0 = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|x64.Build.0 = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Debug|x86.Build.0 = Debug|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|x64.ActiveCfg = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|x64.Build.0 = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|x86.ActiveCfg = Release|Any CPU
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -435,6 +463,8 @@ Global
 		{E4AC79A3-625B-421B-9F91-EFCBD9BEB37F} = {24D19E8E-25FD-4C0B-8865-697878B67BE0}
 		{BF8DC0FF-96F9-4705-8CFA-F42BE989AB6A} = {793FFE24-138A-4C3D-81AB-18D625E36230}
 		{F4F5D8AF-FBD1-463F-9473-B63AA820A6C4} = {14A7B3DE-46C8-4245-B0BD-9AFF3795C163}
+		{58817E6B-145C-47B7-AC13-513127074AC7} = {793FFE24-138A-4C3D-81AB-18D625E36230}
+		{0BDB21AA-5F81-4F91-86E0-8435110A3017} = {793FFE24-138A-4C3D-81AB-18D625E36230}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {85B5E151-2E9D-419C-83DD-0DDCF446C83A}