ignore malformed cookie instead of raising an exception

headway · Mar 18, 2020 · c63f22f · c63f22f
1 parent 0cb2d90
commit c63f22f
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/docs/requests.md b/docs/requests.md
@@ -73,6 +73,8 @@ Cookies are exposed as a regular dictionary interface.
 
 For example: `request.cookies.get('mycookie')`
 
+Cookies are ignored in case of an invalid cookie. (RFC2109)
+
 #### Body
 
 There are a few different interfaces for returning the body of the request:

diff --git a/starlette/requests.py b/starlette/requests.py
@@ -91,7 +91,10 @@ def cookies(self) -> typing.Dict[str, str]:
             cookie_header = self.headers.get("cookie")
             if cookie_header:
                 cookie = http.cookies.SimpleCookie()  # type: http.cookies.BaseCookie
-                cookie.load(cookie_header)
+                try:
+                    cookie.load(cookie_header)
+                except http.cookies.CookieError:
+                    pass
                 for key, morsel in cookie.items():
                     cookies[key] = morsel.value
             self._cookies = cookies

diff --git a/tests/test_requests.py b/tests/test_requests.py
@@ -285,6 +285,23 @@ async def app(scope, receive, send):
     assert response.text == "Hello, cookies!"
 
 
+def test_invalid_cookie():
+    async def app(scope, receive, send):
+        request = Request(scope, receive)
+        if not request.cookies:
+            response = Response("ok", media_type="text/plain")
+        else:
+            response = Response("not", media_type="text/plain")
+        await response(scope, receive, send)
+
+    client = TestClient(app)
+    response = client.get("/", cookies={"invalid/cookie": "test", "valid": "test2"})
+    assert response.text == "ok"
+
+    response = client.get("/", cookies={"valid": "test2"})
+    assert response.text == "not"
+
+
 def test_chunked_encoding():
     async def app(scope, receive, send):
         request = Request(scope, receive)