Skip to content

HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching#803

Merged
arturobernalg merged 1 commit intoapache:masterfrom
arturobernalg:HTTPCLIENT-2415
Feb 11, 2026
Merged

HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching#803
arturobernalg merged 1 commit intoapache:masterfrom
arturobernalg:HTTPCLIENT-2415

Conversation

@arturobernalg
Copy link
Member

@arturobernalg arturobernalg commented Feb 10, 2026

Strip query / fragment from CookieOrigin path per RFC 6265. Add regression tests for request-targets containing '?', '#'.

@arturobernalg arturobernalg requested a review from ok2c February 10, 2026 08:26
ok2c
ok2c requested changes Feb 10, 2026
View reviewed changes
httpclient5/src/main/java/org/apache/hc/client5/http/cookie/CookieOrigin.java Outdated
this.secure = secure;
}

private static String normalizePath(final String path) {
Copy link
Member

@ok2c ok2c Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg I do not think this is the right place to do path parsing. This logic should belong to the protocol interceptor that instantiates CookieOrigin. The CookieOrigin class itself should be just a bean with no / little protocol logic.

Copy link
Member Author

@arturobernalg arturobernalg Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ok2c you're right. changed

@arturobernalg
HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching
1a7ae55 
Strip query / fragment from CookieOrigin path per RFC 6265.
Add regression tests for request-targets containing '?', '#'.
@arturobernalg arturobernalg requested a review from ok2c February 10, 2026 10:37
@arturobernalg arturobernalg merged commit 9189d11 into apache:master Feb 11, 2026
10 checks passed
@ok2c
Copy link
Member

ok2c commented Feb 11, 2026

@arturobernalg Please cherry-pick to 5.6.x

arturobernalg added a commit that referenced this pull request Feb 11, 2026
@arturobernalg
HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
1e01a48 
Strip query / fragment from CookieOrigin path per RFC 6265.
Add regression tests for request-targets containing '?', '#'.

(cherry picked from commit 9189d11)
@arturobernalg
Copy link
Member Author

arturobernalg commented Feb 11, 2026

@arturobernalg Please cherry-pick to 5.6.x

done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ok2c ok2c ok2c approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arturobernalg @ok2c