- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 3.12.4
- Component/s: Technical / Transverse
- Tags:
- Sprint: NOS 11.1.15 - 2019-08 1
- Story Points: 3
Overview
Control character in cookie value or attribute.
- Go to project "Comité des Engagements" (https://connect.nuxeo.com/nuxeo/site/studio/ide?project=comite-engagement)
- Observe the yellow banner in the header warning that the project will expire in 10 days
- Click the check mark on the right side of the banner
- Reload the page
- The page can no longer be loaded, and no other page starting with https://connect.nuxeo.com can be loaded either
Exception in the server:
2019-06-20 10:42:22,830 ERROR [http-bio-0.0.0.0-8186-exec-4187] [org.apache.coyote.http11.Http11Processor] Error processing request java.lang.IllegalArgumentException: Control character in cookie value or attribute.
More detail is described in NCO-2710.
Cause
The banner sets a cookie containing the non-normalized character 'é', which the server fails to handle.
Cookie: ...; ...; subscription-remainder-Comité des Engagements=Fri, 21 Jun 2019 11:06:07 GMT
Impact
For any user whose project name contains special characters and whose project is close to expiration, the entire NOS website becomes unavailable after they click the check mark icon.
Proposals
Implement both:
- Escape character
- Use project id instead of project name
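
The two proposals combined, as an added example (not Nuxeo's code; the function names are hypothetical, and the id `comite-engagement` is taken from the project URL in the steps). It checks a name/value pair against the RFC 6265 cookie grammar, shows that the cookie from the Cause section fails that check, and builds a percent-encoded cookie keyed on the project id.

```javascript
// Added example, not Nuxeo code. All function names are hypothetical.
// RFC 6265: cookie-name is an RFC 2616 token, cookie-value is a run of cookie-octets.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

function isValidCookiePair(name, value) {
  return TOKEN.test(name) && COOKIE_OCTETS.test(value);
}

// encodeURIComponent leaves "(" and ")" alone, but they are not token characters.
function encodeToken(s) {
  return encodeURIComponent(s).replace(/[()]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Behaviour described in the ticket: raw project name and raw date string.
function unsafeReminderCookie(projectName, date) {
  return { name: `subscription-remainder-${projectName}`, value: date.toUTCString() };
}

// Both proposals: key on the project id, and escape everything that goes in.
function safeReminderCookie(projectId, date) {
  return {
    name: `subscription-remainder-${encodeToken(projectId)}`,
    value: encodeURIComponent(date.toUTCString()),
  };
}

// Refuse to emit anything the grammar does not allow, so a bad cookie
// is caught when it is set rather than on every later request.
function serialize({ name, value }) {
  if (!isValidCookiePair(name, value)) {
    throw new RangeError(`refusing to set non-RFC 6265 cookie: ${name}`);
  }
  return `${name}=${value}`;
}

// Constructed sample input matching the date shown in the Cause section.
const sampleDate = new Date(Date.UTC(2019, 5, 21, 11, 6, 7));
console.log(serialize(safeReminderCookie("comite-engagement", sampleDate)));
```

Readers of the cookie must apply `decodeURIComponent` to the value before parsing it as a date.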