OddBloke · August 29, 2015 14:17
diff --git a/reproduce.sh b/reproduce.sh
 #!/bin/bash
 set -m

 cleanup () {
    jobs -p | xargs kill -INT
 }

 python source.py &
 python target.py &

 sleep 1

 # Note that we get 127.0.0.1 but are redirected to localhost; we need
 # different host names (not just different ports)
 COOKIES=$(python -c "import requests; print requests.get('http://127.0.0.1:9001').content")
 if [[ "$COOKIES" == *"super secret"* ]]; then
    echo "TEST FAILED; FOUND COOKIE AFTER REDIRECT"
    cleanup
    exit 1
 fi
 echo "TEST PASSED"

 trap 'cleanup' EXIT
diff --git a/requirements.txt b/requirements.txt
 bottle
 requests
diff --git a/source.py b/source.py
 from bottle import redirect, response, route, run


 @route('/')
 def index():
    response.set_cookie('source_cookie', 'super secret')
    redirect('http://localhost:9002/')

 run(host='localhost', port=9001)
diff --git a/target.py b/target.py
 from bottle import request, route, run


 @route('/')
 def index():
    return '\n'.join([
        '{}: {}'.format(key, value)
        for key, value in request.cookies.items()])

 run(host='localhost', port=9002)
	#!/bin/bash
	set -m

	cleanup () {
	jobs -p \| xargs kill -INT
	}

	python source.py &
	python target.py &

	sleep 1

	# Note that we get 127.0.0.1 but are redirected to localhost; we need
	# different host names (not just different ports)
	COOKIES=$(python -c "import requests; print requests.get('http://127.0.0.1:9001').content")
	if [[ "$COOKIES" == "super secret" ]]; then
	echo "TEST FAILED; FOUND COOKIE AFTER REDIRECT"
	cleanup
	exit 1
	fi
	echo "TEST PASSED"

	trap 'cleanup' EXIT
	from bottle import redirect, response, route, run


	@route('/')
	def index():
	response.set_cookie('source_cookie', 'super secret')
	redirect('http://localhost:9002/')

	run(host='localhost', port=9001)
	from bottle import request, route, run


	@route('/')
	def index():
	return '\n'.join([
	'{}: {}'.format(key, value)
	for key, value in request.cookies.items()])

	run(host='localhost', port=9002)