Cookie decoding problem #311

Open
Baachi opened this issue Apr 20, 2023 · 1 comment

Baachi commented Apr 20, 2023

1. What did you do? If possible, provide a simple script for reproducing the error.

If we add a cookie with a "+" as value, this value gets encoded as " ".

```php
<?php

use Swoole\Http\Server;
use Swoole\Http\Request;
use Swoole\Http\Response;

$server = new Server('127.0.0.1', 9000);
$server->set([
    'enable_coroutine' => false,
]);
$server->on("Start", function() {
    echo "OpenSwoole HTTP Server Started @ 127.0.0.1:9000\n";
});

$server->on('Request', function(Request $request, Response $response) {
    echo sprintf('%s %s', $request->getMethod(), $request->server['request_uri']).PHP_EOL;

    if (!isset($request->cookie['csrf'])) {
        $response->rawCookie('csrf', 'qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=');
        $response->redirect('/');

        return $response;
    }

    $response->end($request->cookie['csrf']);
    // Prints qDGK6d1q6aMJ6/5GlrQxvUnM3 Vj/R3SWv/ZYfVxaKo=
});

$server->start();
```

2. What did you expect to see?

Should be qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo= or at least a method to get the raw cookie.

3. What did you see instead?

The sign is interpreted as a space.

4. What version of OpenSwoole are you using (show your `php --ri openswoole`)?

```
☁  swoole-bug  php --ri openswoole

openswoole

Open Swoole => enabled
Author => Open Swoole Group <hello@openswoole.com>
Version => 22.0.0
Built => Apr 19 2023 13:12:05
coroutine => enabled with boost asm context
kqueue => enabled
rwlock => enabled
pcre => enabled
zlib => 1.2.11

Directive => Local Value => Master Value
openswoole.enable_coroutine => On => On
openswoole.enable_preemptive_scheduler => Off => Off
openswoole.display_errors => On => On
openswoole.unixsock_buffer_size => 262144 => 262144
```

5. What is your machine environment used (show your `uname -a` & `php -v` & `gcc -v`) ?

macOS and Linux (Alpine) with PHP 8.2.
We use the native PHP Alpine image from Docker Hub and install OpenSwoole via https://github.com/mlocati/docker-php-extension-installer.


Baachi commented Apr 20, 2023

The PHP native webserver handles this value correctly:

```php
<?php

if (!isset($_COOKIE['csrf'])) {
    header('Location: index_webserver.php');
    setcookie('csrf', 'qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=');

    exit;
}

var_dump($_COOKIE['csrf']); // Prints qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=
```

And just as context: we don't set the cookie ourselves. We use Ory Kratos, which sends the CSRF token with a "+" sign.
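The "+" to space substitution reported in this issue is what form-style URL decoding (`urldecode()`) does to a value, whereas `rawurldecode()` only resolves `%XX` escapes. The sketch below is an added example, not code from the issue or from OpenSwoole: `parseCookieHeader()` is a hypothetical helper and the `Cookie` header string is constructed from the token in the report. It parses the same header with both decoders and checks each result against the issued CSRF token.

```php
<?php
declare(strict_types=1);

// Constructed sample: the Cookie request header a client sends back after
// receiving the raw (not percent-encoded) token from the issue.
$cookieHeader = 'theme=dark; csrf=qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=';
$issued       = 'qDGK6d1q6aMJ6/5GlrQxvUnM3+Vj/R3SWv/ZYfVxaKo=';

/**
 * Hypothetical helper: split a Cookie header into name => value pairs and
 * decode each value with the supplied decoder.
 */
function parseCookieHeader(string $header, callable $decode): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || !str_contains($pair, '=')) {
            continue; // skip empty segments and tokens without a value
        }
        // Split on the first "=" only: base64 padding adds more "=" later.
        [$name, $value] = explode('=', $pair, 2);
        $name = trim($name);
        // First occurrence wins when a name is repeated.
        $cookies[$name] ??= $decode(trim($value));
    }
    return $cookies;
}

// urldecode() applies form decoding: "+" becomes " ", the same substitution
// the issue reports.
$form = parseCookieHeader($cookieHeader, 'urldecode');
// rawurldecode() only resolves %XX escapes and leaves "+" untouched.
$raw  = parseCookieHeader($cookieHeader, 'rawurldecode');

foreach (['urldecode' => $form, 'rawurldecode' => $raw] as $label => $jar) {
    // hash_equals() is the constant-time comparison a CSRF check should use.
    $ok = hash_equals($issued, $jar['csrf']);
    printf("%-13s %s\n  matches issued token: %s\n", $label, $jar['csrf'], var_export($ok, true));
}
```

A token that no longer compares equal fails CSRF validation on every request, so the symptom in an application is a rejected form submission rather than a visible decoding error.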
