Comments (7)
In case future googlers end up here, it looks like the next Passenger release will fix it: phusion/passenger#2503
from rack.
@skipkayhil Thanks for pointing that out. In Rack 3, response header values can be arrays, and if the web server does not support Rack 3, they may be converting the array to a string, and operating on that. That would explain why `[` is the first character. So it sounds quite likely that this issue is caused by using Rack 3 with a webserver that does not support it. In that case, I recommend switching to a different web server, or forcing the use of Rack 2 (as mentioned in the Rails issue).
@trak3r what web server are you using? In rails/rails#49422 we found that Passenger does not yet support Rack 3
I have my doubts that downgrading to the latest Rack 2.2 release fixes this issue:
```ruby
require 'rack'

h = {}
Rack::Utils.set_cookie_header!(h, '[a]', '[]')
p Rack.release
p h
p Rack::Utils.parse_cookies_header(h['set-cookie'] || h['Set-Cookie'])
```
Output:
```
"2.2.2"
{"Set-Cookie"=>"%5Ba%5D=%5B%5D"}
{"[a]"=>"[]"}
"2.2.8"
{"Set-Cookie"=>"%5Ba%5D=%5B%5D"}
{"%5Ba%5D"=>"[]"}
"3.0.8"
{"set-cookie"=>"%5Ba%5D=%5B%5D"}
{"%5Ba%5D"=>"[]"}
```
This was likely changed by 1f5763d, a security fix for CVE-2020-8184, which was included in Rack 2.2.3.
@skipkayhil I am indeed running Passenger 6.0.17/18 so that would explain it. Thank you very much! cc @jeremyevans
I believe this issue has been addressed, and will be fixed in a subsequent release of Passenger.
This issue also affects unicorn. The master branch supports Rack 3 but the latest version of unicorn (6.1.0) doesn't support it. A v7 release of unicorn will be here "soon" as mentioned here: https://yhbt.net/unicorn-public/20231214230933.M299458@dcvr/
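The Rack 3 array-versus-string header mismatch described earlier in the thread, as an added example that is not code from Rack, Passenger or unicorn. All method names and the sample headers are hypothetical, and the `to_s` coercion is an assumption about how a Rack 2-only server might treat an array value; the last helper is a check a test suite or log review could use to spot the resulting `[`-prefixed cookie.

```ruby
# Added example: models how a Rack 3 Array header value reaches the wire.
# Not taken from any server's source; names and data are constructed.

# Rack 2 convention: multiple values for one header are a single String
# joined with "\n", so a Rack 2-era server splits on newlines.
# Assumption: handed a Rack 3 Array, it coerces the value with to_s first.
def rack2_only_header_lines(headers)
  headers.flat_map do |name, value|
    value.to_s.split("\n").map { |v| "#{name}: #{v}" }
  end
end

# Rack 3 convention: a value is a String or an Array of Strings, and each
# Array element becomes its own header line.
def rack3_aware_header_lines(headers)
  headers.flat_map do |name, value|
    Array(value).map { |v| "#{name}: #{v}" }
  end
end

# Check for emitted header lines: a Set-Cookie value that starts with
# '[' followed by a double quote looks like Array#inspect output.
def stringified_array_cookies(lines)
  lines.select { |l| l.match?(/\Aset-cookie:\s*\[\s*"/i) }
end

# Constructed Rack 3 response headers carrying two cookies.
SAMPLE_HEADERS = {
  "content-type" => "text/html",
  "set-cookie"   => ["session=abc123; path=/; httponly", "theme=dark; path=/"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  broken = rack2_only_header_lines(SAMPLE_HEADERS)
  puts "Rack 2-only server emits:", broken
  puts "flagged: #{stringified_array_cookies(broken).size}"
  puts "Rack 3-aware server emits:", rack3_aware_header_lines(SAMPLE_HEADERS)
end
```

In the broken output both cookies collapse into one `set-cookie` line, so the per-cookie attributes such as `httponly` are no longer attached to separate cookies.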