Disable cookie name encoding/decoding. (#23579)

Tratcher · web-flow · commit 8182bb16a9e2 · 2020-07-02T16:20:55.000-07:00
diff --git a/src/Http/Http/src/Internal/RequestCookieCollection.cs b/src/Http/Http/src/Internal/RequestCookieCollection.cs
@@ -57,6 +57,9 @@ public string? this[string key]
         }
 
         public static RequestCookieCollection Parse(IList<string> values)
+            => ParseInternal(values, AppContext.TryGetSwitch(ResponseCookies.EnableCookieNameEncoding, out var enabled) && enabled);
+
+        internal static RequestCookieCollection ParseInternal(IList<string> values, bool enableCookieNameEncoding)
         {
             if (values.Count == 0)
             {
@@ -75,7 +78,7 @@ public static RequestCookieCollection Parse(IList<string> values)
                 for (var i = 0; i < cookies.Count; i++)
                 {
                     var cookie = cookies[i];
-                    var name = Uri.UnescapeDataString(cookie.Name.Value);
+                    var name = enableCookieNameEncoding ? Uri.UnescapeDataString(cookie.Name.Value) : cookie.Name.Value;
                     var value = Uri.UnescapeDataString(cookie.Value.Value);
                     store[name] = value;
                 }
diff --git a/src/Http/Http/src/Internal/ResponseCookies.cs b/src/Http/Http/src/Internal/ResponseCookies.cs
@@ -13,6 +13,9 @@ namespace Microsoft.AspNetCore.Http
     /// </summary>
     internal class ResponseCookies : IResponseCookies
     {
+        internal const string EnableCookieNameEncoding = "Microsoft.AspNetCore.Http.EnableCookieNameEncoding";
+        internal bool _enableCookieNameEncoding = AppContext.TryGetSwitch(EnableCookieNameEncoding, out var enabled) && enabled;
+
         /// <summary>
         /// Create a new wrapper.
         /// </summary>
@@ -33,7 +36,7 @@ public ResponseCookies(IHeaderDictionary headers)
         public void Append(string key, string value)
         {
             var setCookieHeaderValue = new SetCookieHeaderValue(
-                Uri.EscapeDataString(key),
+                _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,
                 Uri.EscapeDataString(value))
             {
                 Path = "/"
@@ -52,7 +55,7 @@ public void Append(string key, string value, CookieOptions options)
             }
 
             var setCookieHeaderValue = new SetCookieHeaderValue(
-                Uri.EscapeDataString(key),
+                _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,
                 Uri.EscapeDataString(value))
             {
                 Domain = options.Domain,
@@ -83,7 +86,7 @@ public void Delete(string key, CookieOptions options)
                 throw new ArgumentNullException(nameof(options));
             }
 
-            var encodedKeyPlusEquals = Uri.EscapeDataString(key) + "=";
+            var encodedKeyPlusEquals = (_enableCookieNameEncoding ? Uri.EscapeDataString(key) : key) + "=";
             bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
             bool pathHasValue = !string.IsNullOrEmpty(options.Path);
 
diff --git a/src/Http/Http/test/Internal/DefaultHttpRequestTests.cs b/src/Http/Http/test/Internal/DefaultHttpRequestTests.cs
@@ -175,15 +175,15 @@ public void Cookies_GetAndSet()
             Assert.Null(cookies0["key0"]);
             Assert.False(cookies0.ContainsKey("key0"));
 
-            var newCookies = new[] { "name0=value0%2C", "%5Ename1=value1" };
+            var newCookies = new[] { "name0=value0%2C", "name1=value1" };
             request.Headers["Cookie"] = newCookies;
 
             cookies0 = RequestCookieCollection.Parse(newCookies);
             var cookies1 = request.Cookies;
             Assert.Equal(cookies0, cookies1);
             Assert.Equal(2, cookies1.Count);
             Assert.Equal("value0,", cookies1["name0"]);
-            Assert.Equal("value1", cookies1["^name1"]);
+            Assert.Equal("value1", cookies1["name1"]);
             Assert.Equal(newCookies, request.Headers["Cookie"]);
 
             var cookies2 = new RequestCookieCollection(new Dictionary<string,string>()
diff --git a/src/Http/Http/test/RequestCookiesCollectionTests.cs b/src/Http/Http/test/RequestCookiesCollectionTests.cs
@@ -9,30 +9,30 @@ namespace Microsoft.AspNetCore.Http.Tests
 {
     public class RequestCookiesCollectionTests
     {
-        public static TheoryData UnEscapesKeyValues_Data
+        [Theory]
+        [InlineData("key=value", "key", "value")]
+        [InlineData("key%2C=%21value", "key%2C", "!value")]
+        [InlineData("ke%23y%2C=val%5Eue", "ke%23y%2C", "val^ue")]
+        [InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
+        [InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
+        public void UnEscapesValues(string input, string expectedKey, string expectedValue)
         {
-            get
-            {
-                // key, value, expected
-                return new TheoryData<string, string, string>
-                {
-                    { "key=value", "key", "value" },
-                    { "key%2C=%21value", "key,", "!value" },
-                    { "ke%23y%2C=val%5Eue", "ke#y,", "val^ue" },
-                    { "base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==" },
-                    { "base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==" },
-                };
-            }
+            var cookies = RequestCookieCollection.Parse(new StringValues(input));
+
+            Assert.Equal(1, cookies.Count);
+            Assert.Equal(expectedKey, cookies.Keys.Single());
+            Assert.Equal(expectedValue, cookies[expectedKey]);
         }
 
         [Theory]
-        [MemberData(nameof(UnEscapesKeyValues_Data))]
-        public void UnEscapesKeyValues(
-            string input,
-            string expectedKey,
-            string expectedValue)
+        [InlineData("key=value", "key", "value")]
+        [InlineData("key%2C=%21value", "key,", "!value")]
+        [InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
+        [InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
+        [InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
+        public void AppContextSwitchUnEscapesKeysAndValues(string input, string expectedKey, string expectedValue)
         {
-            var cookies = RequestCookieCollection.Parse(new StringValues(input));
+            var cookies = RequestCookieCollection.ParseInternal(new StringValues(input), enableCookieNameEncoding: true);
 
             Assert.Equal(1, cookies.Count);
             Assert.Equal(expectedKey, cookies.Keys.Single());
diff --git a/src/Http/Http/test/ResponseCookiesTest.cs b/src/Http/Http/test/ResponseCookiesTest.cs
@@ -88,30 +88,44 @@ public void ProvidesMaxAgeWithCookieOptionsArgumentExpectMaxAgeToBeSet()
             Assert.Contains($"max-age={maxAgeTime.TotalSeconds.ToString()}", cookieHeaderValues[0]);
         }
 
-        public static TheoryData EscapesKeyValuesBeforeSettingCookieData
+        [Theory]
+        [InlineData("value", "key=value")]
+        [InlineData("!value", "key=%21value")]
+        [InlineData("val^ue", "key=val%5Eue")]
+        [InlineData("QUI+REU/Rw==", "key=QUI%2BREU%2FRw%3D%3D")]
+        public void EscapesValuesBeforeSettingCookie(string value, string expected)
         {
-            get
-            {
-                // key, value, object pool, expected
-                return new TheoryData<string, string, string>
-                {
-                    { "key", "value", "key=value" },
-                    { "key,", "!value", "key%2C=%21value" },
-                    { "ke#y,", "val^ue", "ke%23y%2C=val%5Eue" },
-                    { "base64", "QUI+REU/Rw==", "base64=QUI%2BREU%2FRw%3D%3D" },
-                };
-            }
+            var headers = new HeaderDictionary();
+            var cookies = new ResponseCookies(headers);
+
+            cookies.Append("key", value);
+
+            var cookieHeaderValues = headers[HeaderNames.SetCookie];
+            Assert.Single(cookieHeaderValues);
+            Assert.StartsWith(expected, cookieHeaderValues[0]);
+        }
+
+        [Theory]
+        [InlineData("key,")]
+        [InlineData("ke@y")]
+        public void InvalidKeysThrow(string key)
+        {
+            var headers = new HeaderDictionary();
+            var cookies = new ResponseCookies(headers);
+
+            Assert.Throws<ArgumentException>(() => cookies.Append(key, "1"));
         }
 
         [Theory]
-        [MemberData(nameof(EscapesKeyValuesBeforeSettingCookieData))]
-        public void EscapesKeyValuesBeforeSettingCookie(
-            string key,
-            string value,
-            string expected)
+        [InlineData("key", "value", "key=value")]
+        [InlineData("key,", "!value", "key%2C=%21value")]
+        [InlineData("ke#y,", "val^ue", "ke%23y%2C=val%5Eue")]
+        [InlineData("base64", "QUI+REU/Rw==", "base64=QUI%2BREU%2FRw%3D%3D")]
+        public void AppContextSwitchEscapesKeysAndValuesBeforeSettingCookie(string key, string value, string expected)
         {
             var headers = new HeaderDictionary();
             var cookies = new ResponseCookies(headers);
+            cookies._enableCookieNameEncoding = true;
 
             cookies.Append(key, value);
 

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,9 @@ public string? this[string key]`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`public static RequestCookieCollection Parse(IList<string> values)`
	`60`	`+ => ParseInternal(values, AppContext.TryGetSwitch(ResponseCookies.EnableCookieNameEncoding, out var enabled) && enabled);`
	`61`	`+`
	`62`	`+ internal static RequestCookieCollection ParseInternal(IList<string> values, bool enableCookieNameEncoding)`
`60`	`63`	`{`
`61`	`64`	`if (values.Count == 0)`
`62`	`65`	`{`
`@@ -75,7 +78,7 @@ public static RequestCookieCollection Parse(IList<string> values)`
`75`	`78`	`for (var i = 0; i < cookies.Count; i++)`
`76`	`79`	`{`
`77`	`80`	`var cookie = cookies[i];`
`78`		`- var name = Uri.UnescapeDataString(cookie.Name.Value);`
	`81`	`+ var name = enableCookieNameEncoding ? Uri.UnescapeDataString(cookie.Name.Value) : cookie.Name.Value;`
`79`	`82`	`var value = Uri.UnescapeDataString(cookie.Value.Value);`
`80`	`83`	`store[name] = value;`
`81`	`84`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ namespace Microsoft.AspNetCore.Http`
`13`	`13`	`/// </summary>`
`14`	`14`	`internal class ResponseCookies : IResponseCookies`
`15`	`15`	`{`
	`16`	`+ internal const string EnableCookieNameEncoding = "Microsoft.AspNetCore.Http.EnableCookieNameEncoding";`
	`17`	`+ internal bool _enableCookieNameEncoding = AppContext.TryGetSwitch(EnableCookieNameEncoding, out var enabled) && enabled;`
	`18`	`+`
`16`	`19`	`/// <summary>`
`17`	`20`	`/// Create a new wrapper.`
`18`	`21`	`/// </summary>`
`@@ -33,7 +36,7 @@ public ResponseCookies(IHeaderDictionary headers)`
`33`	`36`	`public void Append(string key, string value)`
`34`	`37`	`{`
`35`	`38`	`var setCookieHeaderValue = new SetCookieHeaderValue(`
`36`		`- Uri.EscapeDataString(key),`
	`39`	`+ _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,`
`37`	`40`	`Uri.EscapeDataString(value))`
`38`	`41`	`{`
`39`	`42`	`Path = "/"`
`@@ -52,7 +55,7 @@ public void Append(string key, string value, CookieOptions options)`
`52`	`55`	`}`
`53`	`56`
`54`	`57`	`var setCookieHeaderValue = new SetCookieHeaderValue(`
`55`		`- Uri.EscapeDataString(key),`
	`58`	`+ _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,`
`56`	`59`	`Uri.EscapeDataString(value))`
`57`	`60`	`{`
`58`	`61`	`Domain = options.Domain,`
`@@ -83,7 +86,7 @@ public void Delete(string key, CookieOptions options)`
`83`	`86`	`throw new ArgumentNullException(nameof(options));`
`84`	`87`	`}`
`85`	`88`
`86`		`- var encodedKeyPlusEquals = Uri.EscapeDataString(key) + "=";`
	`89`	`+ var encodedKeyPlusEquals = (_enableCookieNameEncoding ? Uri.EscapeDataString(key) : key) + "=";`
`87`	`90`	`bool domainHasValue = !string.IsNullOrEmpty(options.Domain);`
`88`	`91`	`bool pathHasValue = !string.IsNullOrEmpty(options.Path);`
`89`	`92`