-
-
Notifications
You must be signed in to change notification settings - Fork 7.6k
[python] Set API key cookie as key-value pair #24149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
94d808c
d71c9ce
bd13ed0
c552c8b
07e3e01
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||
|---|---|---|---|---|---|---|---|---|
|
|
@@ -672,7 +672,13 @@ def _apply_auth_params( | |||||||
| :param auth_setting: auth settings for the endpoint | ||||||||
| """ | ||||||||
| if auth_setting['in'] == 'cookie': | ||||||||
| headers['Cookie'] = auth_setting['value'] | ||||||||
| if not 'Cookie' in headers: | ||||||||
| headers['Cookie'] = "" | ||||||||
| else: | ||||||||
| headers['Cookie'] += "; " | ||||||||
| # Encode spaces and semicolons in cookie value, leaving other characters as-is | ||||||||
| cookie_value = str(auth_setting['value']).replace(" ", "%20").replace(";", "%3B") | ||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. P1: Cookie API-key values are now under-encoded, allowing invalid/control/non-ASCII characters to be emitted raw in the Prompt for AI agents
Suggested change
|
||||||||
| headers['Cookie'] += f"{auth_setting['key']}={cookie_value}" | ||||||||
| elif auth_setting['in'] == 'header': | ||||||||
| if auth_setting['type'] != 'http-signature': | ||||||||
| headers[auth_setting['key']] = auth_setting['value'] | ||||||||
|
|
||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
P1: Cookie API key encoding only replaces spaces and semicolons, leaving other invalid or dangerous characters unescaped.
Prompt for AI agents