[MAGNOLIA-7991] Invalid path for cookie with special characters Created: 08/Feb/21  Updated: 19/Aug/21  Resolved: 19/Aug/21

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.6
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Jonathan Ayala Assignee: Unassigned
Resolution: Duplicate Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-7896 Generation of CSRF token is too expen... Closed
causality
duplicate
duplicates MAGNOLIA-8142 Non ASCII characters in URIs interfer... Closed
is duplicated by MGNLCE-262 CsrfTokenSecurityFilter does not enco... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Steps to reproduce

  1. In public instance, disable personalisation filters: date, country, visitor, preview
  2. Enable UTF-8 in both author and public instances
  3. Create a page named pl-żółć
  4. Publish the page
  5. Without login in, request the page: http://localhost:8080/magnoliaPublic/pl-żółć

Expected results

Page is shown

Actual results

An error occurs: HTTP Status 500 - Internal Server Error

java.lang.IllegalArgumentException: An invalid path [/pl-żółć] was specified for this cookie
	org.apache.tomcat.util.http.Rfc6265CookieProcessor.validatePath(Rfc6265CookieProcessor.java:241)
	org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:160)
	org.apache.catalina.connector.Response.generateCookieString(Response.java:975)
	org.apache.catalina.connector.Response.addCookie(Response.java:927)
	org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:385)
	javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:60)
	info.magnolia.cms.security.CsrfTokenSecurityFilter.unloggedRequestCheckPasses(CsrfTokenSecurityFilter.java:171)
	info.magnolia.cms.security.CsrfTokenSecurityFilter.csrfCheckPasses(CsrfTokenSecurityFilter.java:116)
	info.magnolia.cms.security.CsrfTokenSecurityFilter.doFilter(CsrfTokenSecurityFilter.java:106)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:151)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.personalization.trait.AbstractTraitDetectorFilter.doFilter(AbstractTraitDetectorFilter.java:80)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
	info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)

Workaround

By enabling personalization filters again, page would be returned correctly. 

Development notes

This issue is directly related to changes added in MAGNOLIA-7896.



 Comments   
Comment by Federico Grilli [ 19/Aug/21 ]

This was solved by MAGNOLIA-8142 and will be released in Magnolia 6.2.12

Generated at Mon Feb 12 04:28:38 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.