// name=value; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite={Strict|Lax}; httponly
private static int GetSetCookieLength(StringSegment input, int startIndex, out SetCookieHeaderValue parsedValue)
{
Contract.Requires(startIndex >= 0);
var offset = startIndex;
parsedValue = null;
if (StringSegment.IsNullOrEmpty(input) || (offset >= input.Length))
{
return(0);
}
var result = new SetCookieHeaderValue();
// The caller should have already consumed any leading whitespace, commas, etc..
// Name=value;
// Name
var itemLength = ProtoRuleParser.GetTokenLength(input, offset);
if (itemLength == 0)
{
return(0);
}
result._name = input.Subsegment(offset, itemLength);
offset += itemLength;
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
// value or "quoted value"
// The value may be empty
result._value = CookieHeaderValue.GetCookieValue(input, ref offset);
// *(';' SP cookie-av)
while (offset < input.Length)
{
if (input[offset] == ',')
{
// Divider between headers
break;
}
if (input[offset] != ';')
{
// Expecting a ';' between parameters
return(0);
}
offset++;
offset += ProtoRuleParser.GetWhitespaceLength(input, offset);
// cookie-av = expires-av / max-age-av / domain-av / path-av / secure-av / samesite-av / httponly-av / extension-av
itemLength = ProtoRuleParser.GetTokenLength(input, offset);
if (itemLength == 0)
{
// Trailing ';' or leading into garbage. Let the next parser fail.
break;
}
var token = input.Subsegment(offset, itemLength);
offset += itemLength;
// expires-av = "Expires=" sane-cookie-date
if (StringSegment.Equals(token, ExpiresToken, StringComparison.OrdinalIgnoreCase))
{
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
var dateString = ReadToSemicolonOrEnd(input, ref offset);
DateTimeOffset expirationDate;
if (!ProtoRuleParser.TryStringToDate(dateString, out expirationDate))
{
// Invalid expiration date, abort
return(0);
}
result.Expires = expirationDate;
}
// max-age-av = "Max-Age=" non-zero-digit *DIGIT
else if (StringSegment.Equals(token, MaxAgeToken, StringComparison.OrdinalIgnoreCase))
{
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
itemLength = ProtoRuleParser.GetNumberLength(input, offset, allowDecimal: false);
if (itemLength == 0)
{
return(0);
}
var numberString = input.Subsegment(offset, itemLength);
long maxAge;
if (!HeaderUtilities.TryParseNonNegativeInt64(numberString, out maxAge))
{
// Invalid expiration date, abort
return(0);
}
result.MaxAge = TimeSpan.FromSeconds(maxAge);
offset += itemLength;
}
// domain-av = "Domain=" domain-value
// domain-value = <subdomain> ; defined in [RFC1034], Section 3.5, as enhanced by [RFC1123], Section 2.1
else if (StringSegment.Equals(token, DomainToken, StringComparison.OrdinalIgnoreCase))
{
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
// We don't do any detailed validation on the domain.
result.Domain = ReadToSemicolonOrEnd(input, ref offset);
}
// path-av = "Path=" path-value
// path-value = <any CHAR except CTLs or ";">
else if (StringSegment.Equals(token, PathToken, StringComparison.OrdinalIgnoreCase))
{
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
// We don't do any detailed validation on the path.
result.Path = ReadToSemicolonOrEnd(input, ref offset);
}
// secure-av = "Secure"
else if (StringSegment.Equals(token, SecureToken, StringComparison.OrdinalIgnoreCase))
{
result.Secure = true;
}
// samesite-av = "SameSite" / "SameSite=" samesite-value
// samesite-value = "Strict" / "Lax"
else if (StringSegment.Equals(token, SameSiteToken, StringComparison.OrdinalIgnoreCase))
{
if (!ReadEqualsSign(input, ref offset))
{
result.SameSite = SameSiteMode.Strict;
}
else
{
var enforcementMode = ReadToSemicolonOrEnd(input, ref offset);
if (StringSegment.Equals(enforcementMode, SameSiteLaxToken, StringComparison.OrdinalIgnoreCase))
{
result.SameSite = SameSiteMode.Lax;
}
else
{
result.SameSite = SameSiteMode.Strict;
}
}
}
// httponly-av = "ProtoOnly"
else if (StringSegment.Equals(token, ProtoOnlyToken, StringComparison.OrdinalIgnoreCase))
{
result.ProtoOnly = true;
}
// extension-av = <any CHAR except CTLs or ";">
else
{
// TODO: skiping it for now to avoid parsing failure? Store it in a list?
// = (no spaces)
if (!ReadEqualsSign(input, ref offset))
{
return(0);
}
ReadToSemicolonOrEnd(input, ref offset);
}
}
parsedValue = result;
return(offset - startIndex);
}
public void TryParseSeconds_Fails(string headerValues, string targetValue)
{
TimeSpan?value;
Assert.False(HeaderUtilities.TryParseSeconds(new StringValues(headerValues), targetValue, out value));
}
// name="value"; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite={Strict|Lax}; httponly
public override string ToString()
{
var length = _name.Length + EqualsToken.Length + _value.Length;
string maxAge = null;
if (Expires.HasValue)
{
length += SeparatorToken.Length + ExpiresToken.Length + EqualsToken.Length + ExpiresDateLength;
}
if (MaxAge.HasValue)
{
maxAge = HeaderUtilities.FormatNonNegativeInt64((long)MaxAge.GetValueOrDefault().TotalSeconds);
length += SeparatorToken.Length + MaxAgeToken.Length + EqualsToken.Length + maxAge.Length;
}
if (Domain != null)
{
length += SeparatorToken.Length + DomainToken.Length + EqualsToken.Length + Domain.Length;
}
if (Path != null)
{
length += SeparatorToken.Length + PathToken.Length + EqualsToken.Length + Path.Length;
}
if (Secure)
{
length += SeparatorToken.Length + SecureToken.Length;
}
if (SameSite != SameSiteMode.None)
{
var sameSite = SameSite == SameSiteMode.Lax ? SameSiteLaxToken : SameSiteStrictToken;
length += SeparatorToken.Length + SameSiteToken.Length + EqualsToken.Length + sameSite.Length;
}
if (ProtoOnly)
{
length += SeparatorToken.Length + ProtoOnlyToken.Length;
}
return(string.Create(length, (this, maxAge), (span, tuple) =>
{
var(headerValue, maxAgeValue) = tuple;
Append(ref span, headerValue._name);
Append(ref span, EqualsToken);
Append(ref span, headerValue._value);
if (headerValue.Expires is DateTimeOffset expiresValue)
{
Append(ref span, SeparatorToken);
Append(ref span, ExpiresToken);
Append(ref span, EqualsToken);
var formatted = expiresValue.TryFormat(span, out var charsWritten, ExpiresDateFormat);
span = span.Slice(charsWritten);
Debug.Assert(formatted);
}
if (maxAgeValue != null)
{
AppendSegment(ref span, MaxAgeToken, maxAgeValue);
}
if (headerValue.Domain != null)
{
AppendSegment(ref span, DomainToken, headerValue.Domain);
}
if (headerValue.Path != null)
{
AppendSegment(ref span, PathToken, headerValue.Path);
}
if (headerValue.Secure)
{
AppendSegment(ref span, SecureToken, null);
}
if (headerValue.SameSite != SameSiteMode.None)
{
AppendSegment(ref span, SameSiteToken, headerValue.SameSite == SameSiteMode.Lax ? SameSiteLaxToken : SameSiteStrictToken);
}
if (headerValue.ProtoOnly)
{
AppendSegment(ref span, ProtoOnlyToken, null);
}
}));
}
public void SetAndEscapeValue_ControlCharactersThrowFormatException(string input)
{
Assert.Throws <FormatException>(() => { var actual = HeaderUtilities.EscapeAsQuotedString(input); });
}
public void SetAndEscapeValue_ThrowsFormatExceptionOnDelCharacter()
{
Assert.Throws <FormatException>(() => { var actual = HeaderUtilities.EscapeAsQuotedString($"{(char)0x7F}"); });
}
public void IsQuoted_BehaviorCheck(string input, bool expected)
{
var actual = HeaderUtilities.IsQuoted(input);
Assert.Equal(expected, actual);
}
public void SetAndEscapeValue_BehaviorCheck(string input, string expected)
{
var actual = HeaderUtilities.EscapeAsQuotedString(input);
Assert.Equal(expected, actual);
}
public void RemoveQuotes_BehaviorCheck(string input, string expected)
{
var actual = HeaderUtilities.RemoveQuotes(input);
Assert.Equal(expected, actual);
}
public void ContainsCacheDirective_MatchesExactValue(string headerValues, string targetValue, bool contains)
{
Assert.Equal(contains, HeaderUtilities.ContainsCacheDirective(new StringValues(headerValues), targetValue));
}
public void FormatNonNegativeInt64_Throws_ForNegativeValues(long value)
{
Assert.Throws <ArgumentOutOfRangeException>(() => HeaderUtilities.FormatNonNegativeInt64(value));
}
public void FormatNonNegativeInt64_MatchesToString(long value)
{
Assert.Equal(value.ToString(CultureInfo.InvariantCulture), HeaderUtilities.FormatNonNegativeInt64(value));
}
public StringWithQualityHeaderValue(StringSegment value)
{
HeaderUtilities.CheckValidToken(value, nameof(value));
_value = value;
}
