Fix: Only attempt split_cookie extraction if all of the cookies are present #931
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #930
As explained in #930, this isn't a breaking change, because setups with partial cookies couldn't have made sense for anyone before. Some examples:
jwt_hp
andjwt_s
, first one missing: Will result in.eySignature
, which is not a valid JWT token (note the leading period)jwt_hp
andjwt_s
, second one missing: Will result ineyHeader.eyPayload.
which is not a valid JWT token (note the trailing period)jwt_complete
andoptional_suffix
, second one missing: Will result ineyHeader.eyPayload.eySignature.
which is not a valid JWT token (note the trailing period)jwt_h
,jwt_p
andjwt_s
, middle one missing: Will result ineyHeader..eySignature
which is not a valid JWT token (note the two consecutive periods)So up until now, there is no way someone was successfully using the SplitCookieExtractor with only some of the cookies present.