United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7183292 HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name
JDK-7183292 : HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name

Details
Type:
Bug
Submit Date:
2012-07-11
Status:
Closed
Updated Date:
2013-11-11
Project Name:
JDK
Resolved Date:
2012-08-02
Component:
core-libs
OS:
generic
Sub-Component:
java.net
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
7u4
Fixed Versions:
7u6 (b22)

Related Reports
Backport:
Relates:

Sub Tasks

Description
If a program installs the default cookie handler, opens an HttpURLConnection to http://www.google.com, and attempts to call HttpURLConnection.getHeaderFields() on that connection,  HttpURLConnection.getHeaderFields() unexpectedly throws the following exception:

Exception in thread "main" java.lang.IllegalArgumentException: Illegal cookie name
	at java.net.HttpCookie.<init>(HttpCookie.java:158)
	at java.net.HttpCookie.parseInternal(HttpCookie.java:964)
	at java.net.HttpCookie.parse(HttpCookie.java:215)
	at java.net.HttpCookie.access$100(HttpCookie.java:58)
	at java.net.HttpCookie$12.parse(HttpCookie.java:1096)
	at sun.net.www.protocol.http.HttpURLConnection.filterHeaderField(HttpURLConnection.java:2605)
	at sun.net.www.protocol.http.HttpURLConnection.getFilteredHeaderFields(HttpURLConnection.java:2642)
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2686)
	at illegalcookienametest.IllegalCookieNameTest.main(IllegalCookieNameTest.java:17)

To reproduce, compile and run the following program (with -DproxyHost=<proxy> -DproxyPort=<port>, if you are behind a proxy):

public class IllegalCookieNameTest {
    public static void main(String[] args) throws IOException {
        CookieHandler.setDefault(new TestCookieHandler());
        URL url = new URL("http://www.google.com/");
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.getHeaderFields();
    }
}

class TestCookieHandler extends CookieHandler {
    @Override
    public Map<String, List<String>> get(URI uri, Map<String, List<String>> requestHeaders) {
        return new HashMap<String, List<String>>();
    }

    @Override
    public void put(URI uri, Map<String, List<String>> responseHeaders) {
    }
}

This is a major problem for JavaFX WebView, see http://javafx-jira.kenai.com/browse/RT-23353

                                    

Comments
EVALUATION

This is happening because of changes associated with 7095980. getHeaderFields now perform additional
checks from HttpCookie.java instead of simply parsing and returning all header fields from the response, as was being done in 7u3 and
earlier versions. So the problem exists 7u4 onwards.
Google is sending the following cookie:
"domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com"
And the checks in HttpCookie.java is flagging this as Illegal.
                                     
2012-07-18
SUGGESTED FIX

Fix is to remove the isReserved() method from HttpCookie (and the place where it is called).
                                     
2012-07-18
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/7bd32bfc0539
                                     
2012-08-14



Hardware and Software, Engineered to Work Together