Stop IResponseCookies.Append() from encoding cooki

2019-07-08 09:58发布

问题:

This question already has an answer here:

  • Stop url encoding cookie 1 answer

We are building a dotnetcore 2.0 web app that receiving cookies from a legacy system via http and setting the cookies in the response.

When I debug the app I can see that cookie.value is not url encoded but after calling append the set-cookie headers are url encoded. This is problematic as the legacy cookies need to be unencoded as legacy apps read them as they are.

    public static void AddCookie(this IResponseCookies cookies, Cookie cookie)
    {
        cookies.Append(cookie.Name, cookie.Value, new CookieOptions
        {
            Domain = cookie.Domain,               
            Expires = cookie.Expires == DateTime.MinValue ? null : (DateTimeOffset?) cookie.Expires,
            HttpOnly = cookie.HttpOnly,
            Path = cookie.Path,
            Secure = cookie.Secure
        });
    }

Is there a way to prevent them being encoded? A flag or setting somewhere?

I tried writing an owin middleware but the set-cookie header is always empty.

public class CookieDecode
{
    private readonly RequestDelegate _next;

    public CookieDecode(RequestDelegate next)
    {
        _next = next;
    }

    public async Task Invoke(HttpContext context)
    {
        var x = context.Response.Headers;
        var y = x["set-cookie"];
        //y is always empty
        await _next.Invoke(context);
    }
}

Ideas?

回答1:

No, there is no option to avoid the URL encoding. However, here is what Append is doing. Can you try manually setting the header the same way they do?

    public void Append(string key, string value, CookieOptions options)
    {
        if (options == null)
        {
            throw new ArgumentNullException(nameof(options));
        }

        var setCookieHeaderValue = new SetCookieHeaderValue(
            Uri.EscapeDataString(key),
            Uri.EscapeDataString(value))
        {
            Domain = options.Domain,
            Path = options.Path,
            Expires = options.Expires,
            MaxAge = options.MaxAge,
            Secure = options.Secure,
            SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
            HttpOnly = options.HttpOnly
        };

        var cookieValue = setCookieHeaderValue.ToString();

        Headers[HeaderNames.SetCookie] = StringValues.Concat(Headers[HeaderNames.SetCookie], cookieValue);
    }