From a51300ddcd79d8547551b498992c507b4741e214 Mon Sep 17 00:00:00 2001
From: Doug Coleman
Date: Sat, 26 Dec 2020 20:17:11 -0600
Subject: [PATCH] http.parsers: Allow a lot more characters in the cookie key. The spec says one thing, but in practice we just disallow ; , and whitespace. Add more unit tests.
---
 basis/http/parsers/parsers-tests.factor | 45 +++++++++++++++++++++++++
 basis/http/parsers/parsers.factor | 8 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/basis/http/parsers/parsers-tests.factor b/basis/http/parsers/parsers-tests.factor
index 6be33002fb..3f4312a72d 100644
--- a/basis/http/parsers/parsers-tests.factor
+++ b/basis/http/parsers/parsers-tests.factor
@@ -18,3 +18,48 @@ unit-test
 { { T{ cookie { name "__s" } { value "12345567" } } } }
 [ "__s=12345567;" parse-cookie ]
 unit-test
+
+{ { T{ cookie { name "a:b" } { value "c" } } } }
+[ "a:b=c;" parse-cookie ]
+unit-test
+
+{ { T{ cookie { name "d" } { value "[e]" } } } }
+[ "d=[e];" parse-cookie ]
+unit-test
+
+! Don't stop parsing on just one bad cookie
+{
+ {
+ T{ cookie { name "d" } { value "[e]" } }
+ T{ cookie { name "g" } { value "h" } }
+ }
+} [ "d=[e]; a: ; g=h;" parse-cookie ] unit-test
+
+! Don't stop parsing on just one bad cookie
+{
+ {
+ T{ cookie { name "d" } { value "[e]" } }
+ T{ cookie { name "g" } { value "h" } }
+ }
+} [ "d=[e]; a: ; g=h;" parse-cookie ] unit-test
+
+! Add some cookies with extra features
+{
+ V{ "set-cookie" "mykey=myvalue; SameSite=Strict" }
+}
+[ "Set-Cookie: mykey=myvalue; SameSite=Strict" parse-header-line ] unit-test
+
+{
+ V{
+ "set-cookie"
+ "id=a3fWa; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly"
+ }
+}
+[ "Set-Cookie: id=a3fWa; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly" parse-header-line ] unit-test
+
+! python allowed characters in key name
+{
+ { T{ cookie { name "!#$%&'*+-.^_`|~:abc" } { value "def" } } }
+} [
+ "!#$%&'*+-.^_`|~:abc=def;" parse-cookie
+] unit-test
\ No newline at end of file
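Review bot: The block under `! Don't stop parsing on just one bad cookie` is added twice with the same input and the same expected result, so the second copy tests nothing new. Consider replacing the duplicate with a case for the characters `cookie-key-disallow?` still rejects in a name (space, tab, `,`, `;`, `=`), so that the boundary of the relaxed rule is pinned as well as its permissive side. The two `parse-header-line` cases only check that a Set-Cookie line is split into header name and raw value; they do not exercise parsing of `SameSite`, `Secure` or `HttpOnly`, which the comment `! Add some cookies with extra features` may suggest.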
diff --git a/basis/http/parsers/parsers.factor b/basis/http/parsers/parsers.factor
index df6ccbede9..dab80d9f21 100644
--- a/basis/http/parsers/parsers.factor
+++ b/basis/http/parsers/parsers.factor
@@ -11,9 +11,15 @@ IN: http.parsers
 : except-these ( quots -- parser )
 [ 1|| ] curry except ; inline

+: cookie-key-disallow? ( ch -- ? )
+ " \t,;=" member? ;
+
 : tspecial? ( ch -- ? )
 "()<>@,;:\\\"/[]?={} \t" member? ;

+: cookie-key-parser ( -- parser )
+ { [ control? ] [ cookie-key-disallow? ] } except-these repeat1 ;
+
 : token-parser ( -- parser )
 { [ control? ] [ tspecial? ] } except-these repeat1 ;

@@ -144,7 +150,7 @@ PEG: parse-header-line ( string -- pair )
 2choice case-sensitive ;

 : attr-parser ( -- parser )
- token-parser case-sensitive ;
+ cookie-key-parser case-sensitive ;

 : av-pair-parser ( -- parser )
 [
--
2.34.1
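Review bot: `cookie-key-disallow?` and `cookie-key-parser` carry no comment saying that they are deliberately laxer than the token rule implemented by `token-parser`, and the commit message lists `;`, `,` and whitespace while the string `" \t,;="` also excludes `=`. A comment above `cookie-key-disallow?` such as `! Lenient cookie-name rule: rejects only controls, space, tab, "," ";" and "="; RFC 6265 requires a token here` would record the intent. With this rule a parsed name may contain `"`, `\`, `<`, `>` and the other `tspecial?` characters, so any code that later writes a name into a header, a log line or a page can no longer rely on the parser for token-only names and needs its own validation or encoding. Whether such a path exists is not visible in this hunk.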
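Review bot: `attr-parser` keeps its generic name but now delegates to `cookie-key-parser`, so every rule built on it accepts the relaxed character set, not only the cookie name. Only `attr-parser` and the first line of `av-pair-parser` are visible here, so which inputs reach it has to be checked outside the hunk. If Set-Cookie attribute names or other header parameters go through `av-pair-parser`, they would be better left on `token-parser`, with `cookie-key-parser` applied to the cookie name alone. A parser that accepts names which a proxy or framework in front of it rejects can disagree with that component about which cookie is which, so the intended scope deserves a comment at this definition, for example `! Used for cookie names only; other attribute names should stay on token-parser`.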