From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <martin.posthumus@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS3215 2.6.0.0/16
X-Spam-Status: No, score=-3.2 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS shortcircuit=no
	autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id AC4041F601
	for <unicorn-public@yhbt.net>; Fri,  9 Dec 2022 21:52:37 +0000 (UTC)
Authentication-Results: dcvr.yhbt.net;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="FLoeSOwd";
	dkim-atps=neutral
Received: by mail-qt1-x832.google.com with SMTP id z12so1761018qtv.5
        for <unicorn-public@yhbt.net>; Fri, 09 Dec 2022 13:52:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:content-language:mime-version:user-agent
         :date:message-id:subject:from:to:from:to:cc:subject:date:message-id
         :reply-to;
        bh=QFWTAqYKvWG1WAA9+J5nLyV9MDASUobtq6YXOtEtGXY=;
        b=FLoeSOwdF6CTSg7V2f5SR2+WIRaH+4sFrAHr/gswFNsMsJ6IR10cbVnGz7Zfz1xT43
         PJbqi98rUub8cuFGHobesKetylrG/A8sPgtrjiQSaRZQAMIydu3mHqOaGJGKH+2D7rXY
         OfR9LjhbQULmJFfVpPz/AuUjo7B2YBjIl5QLfKOftrBwFXugXc84n0PsHmsKgINWcoDB
         DsEjoMu7M7Wo7nWTs8+FloHKsuEtbSVFsnXze0BRD8Djf8N5fI/8GXibs5k5/iFXqXNp
         pjoLuYMj2W9v57pc48F6XueslE9GbcvSFjnTSJlAiTGaKY/y3LvSoMBYq4keVhnBoNYa
         /LDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:content-language:mime-version:user-agent
         :date:message-id:subject:from:to:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=QFWTAqYKvWG1WAA9+J5nLyV9MDASUobtq6YXOtEtGXY=;
        b=tvDqnouLXhgf8HYCvsM5rzJ/5a77z+/W2Z8OLISRE2xnm24i/fnOJWpGDVneqqNaIm
         NzMm1l/7JlKe76pdBUcT3pUnyVa9dt70oHTpKnhCiPjawfPUfEHw5wnJBaxBEyQPN2uC
         /zruE1tO4Lxd8CTiVwY8ZTJsLOPH1LyOQe0XcOxpv+SVfueDe+lY+qABUgzoBVNKIEoQ
         sa5xoW5uzvDQVotLAKBcBY1i0+Zt9QG2XtQtdZfKO4xUQeZp0g0IPdRUXgNbrq7rWG8U
         dn8Y6bfkt3tbd3ViGWvqlkvilIhf/LLsBL6b4jId6o1wXh7a5I6k+APZZIDk8V+2nz7A
         SMwA==
X-Gm-Message-State: ANoB5pkC6US5fxAcrZsTl1geTtKn/12+IYfkLnjbGIOdlf6G/P4vRGhl
	mif5eTBYbvK0d+QQx/bZsSXqndBKHQu0kQ==
X-Google-Smtp-Source: AA0mqf4tCLlc3lKLvK8dNK6LN0aa50u+CK9Rh8EqL54Ehv8xx3x69ADOPPEDKcqcQ0LVTu4G4BHrzg==
X-Received: by 2002:a05:622a:1f09:b0:39c:da20:f706 with SMTP id ca9-20020a05622a1f0900b0039cda20f706mr10875818qtb.42.1670622756292;
        Fri, 09 Dec 2022 13:52:36 -0800 (PST)
Received: from volga.local ([208.255.152.218])
        by smtp.gmail.com with ESMTPSA id o9-20020ac872c9000000b003996aa171b9sm1559415qtp.97.2022.12.09.13.52.35
        for <unicorn-public@yhbt.net>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 09 Dec 2022 13:52:35 -0800 (PST)
To: unicorn-public@yhbt.net
From: Martin Posthumus <martin.posthumus@gmail.com>
Subject: Support for Rack 3 headers formatted as arrays
Message-ID: <f25e283e-95e7-a812-c0fd-c79bc31894de@gmail.com>
Date: Fri, 9 Dec 2022 16:52:33 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:52.0)
 Gecko/20100101 PostboxApp/7.0.59
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
List-Id: <unicorn-public.yhbt.net>

Hello,

As of Rack v3, the internal representation of headers containing 
multiple values appears to have been changed to use an array of strings 
rather than a newline-separated string. Pull request visible here: 
https://github.com/rack/rack/pull/1793

The Rack changelog (https://github.com/rack/rack/blob/main/CHANGELOG.md) 
also includes this entry under 3.0.0:
"Response header values can be an Array to handle multiple values (and 
no longer supports \n encoded headers)."



I'm running into some serialization issues with this sort of header when 
trying to run an application on Unicorn that makes use of multiple 
cookies. The `set-cookie` header is returning what appears to be a 
stringified array:

set-cookie: ["my.cookie=.....; domain=......; path=/", 
"rack.session=......; path=/; httponly"]

Which in turn results in cookies getting registered with names like 
`["rack.session` rather than `rack.session`.


I'm not especially familiar with Unicorn's internals, but poking around 
a little bit, it looks like this might be related to the definition of 
`http_response_write` in lib/unicorn/http_response.rb, where it handles 
newline-separated strings, but not arrays. I can confirm that the 
set-cookie header value appears to be an array in this method, not a string.


At present I'm only seeing this issue when running on a Unicorn server. 
When I swap out something like webrick, it appears the array values are 
handled as expected.


Thank you,

Martin