JDK-7183292 : HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 7u4
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-07-11
  • Updated: 2013-11-11
  • Resolved: 2012-08-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u6 b22Fixed 8Fixed
Related Reports
Relates :  
JDK-8015799 - HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Empty cookie header string
Description
If a program installs the default cookie handler, opens an HttpURLConnection to http://www.google.com, and attempts to call HttpURLConnection.getHeaderFields() on that connection,  HttpURLConnection.getHeaderFields() unexpectedly throws the following exception:

Exception in thread "main" java.lang.IllegalArgumentException: Illegal cookie name
	at java.net.HttpCookie.<init>(HttpCookie.java:158)
	at java.net.HttpCookie.parseInternal(HttpCookie.java:964)
	at java.net.HttpCookie.parse(HttpCookie.java:215)
	at java.net.HttpCookie.access$100(HttpCookie.java:58)
	at java.net.HttpCookie$12.parse(HttpCookie.java:1096)
	at sun.net.www.protocol.http.HttpURLConnection.filterHeaderField(HttpURLConnection.java:2605)
	at sun.net.www.protocol.http.HttpURLConnection.getFilteredHeaderFields(HttpURLConnection.java:2642)
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2686)
	at illegalcookienametest.IllegalCookieNameTest.main(IllegalCookieNameTest.java:17)

To reproduce, compile and run the following program (with -DproxyHost=<proxy> -DproxyPort=<port>, if you are behind a proxy):

public class IllegalCookieNameTest {
    public static void main(String[] args) throws IOException {
        CookieHandler.setDefault(new TestCookieHandler());
        URL url = new URL("http://www.google.com/");
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.getHeaderFields();
    }
}

class TestCookieHandler extends CookieHandler {
    @Override
    public Map<String, List<String>> get(URI uri, Map<String, List<String>> requestHeaders) {
        return new HashMap<String, List<String>>();
    }

    @Override
    public void put(URI uri, Map<String, List<String>> responseHeaders) {
    }
}

This is a major problem for JavaFX WebView, see http://javafx-jira.kenai.com/browse/RT-23353
Comments
EVALUATION http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/7bd32bfc0539
14-08-2012
EVALUATION This is happening because of changes associated with 7095980. getHeaderFields now perform additional checks from HttpCookie.java instead of simply parsing and returning all header fields from the response, as was being done in 7u3 and earlier versions. So the problem exists 7u4 onwards. Google is sending the following cookie: "domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com" And the checks in HttpCookie.java is flagging this as Illegal.
18-07-2012
SUGGESTED FIX Fix is to remove the isReserved() method from HttpCookie (and the place where it is called).
18-07-2012