Allow RFC 2822-compliant dates for the expires cookie directive #4493
Closed
Long story short
I was using a ClientSession with an API that replied with Set-Cookie, but the date format used for expires was not RFC 2616-compliant, but RFC 2822-compliant: the timezone was not GMT, but -0000.
More concretely, the following cookie fails:
hello=world; expires=Wed, 15 Jan 2020 09:45:07 -0000
While this one works:
hello=world; expires=Wed, 15 Jan 2020 09:45:07 GMT
Expected behaviour
I expect that a cookie set via Set-Cookie and with an expires field compliant with RFC 2822 is correctly set in the session's cookies.
Actual behaviour
The cookie is passed to http.cookies.SimpleCookie, and at one point goes through the _CookiePattern regex that explicitly requires date fields to end with GMT.
http.cookies:434:
_CookiePattern = re.compile(r"""
\s* # Optional whitespace at start of cookie
(?P<key> # Start of group 'key'
[""" + _LegalKeyChars + r"""]+? # Any word of at least one letter
) # End of group 'key'
( # Optional group: there may not be a value.
\s*=\s* # Equal Sign
(?P<val> # Start of group 'val'
"(?:[^\\"]|\\.)*" # Any doublequoted string
| # or
\w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT # Special case for "expires" attr
| # or
[""" + _LegalValueChars + r"""]* # Any word or empty string
) # End of group 'val'
)? # End of optional value group
\s* # Any number of spaces.
(\s+|;|$) # Ending either at space, semicolon, or EOS.
""", re.ASCII | re.VERBOSE) # re.ASCII may be removed if safe.
Line 444:
\w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT # Special case for "expires" attr
Steps to reproduce
Please see this StackOverflow post where I include an MWE showing the behaviour, as well as an MWE with requests which shows the expected behaviour.
Your environment
$ python --version
Python 3.7.4
$ python -c "import aiohttp; print(aiohttp.__version__)"
3.6.2
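A reproduction of the two cookie strings from the report against http.cookies.SimpleCookie, together with one possible client-side normalization of the expires date. This is an added example, not code from the original report or from aiohttp; `normalize_expires` and `parsed_expires` are hypothetical helper names, and treating `-0000` as UTC is an assumption of the example.

```python
from datetime import timezone
from email.utils import format_datetime, parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample headers, built from the two cookie strings in the report.
RFC2822_HEADER = "hello=world; expires=Wed, 15 Jan 2020 09:45:07 -0000"
GMT_HEADER = "hello=world; expires=Wed, 15 Jan 2020 09:45:07 GMT"


def normalize_expires(set_cookie_value):
    """Rewrite an RFC 2822 style expires date into the '... GMT' form that
    http.cookies accepts; every other attribute is passed through as received.
    Assumes no attribute value contains a literal ';'."""
    parts = []
    for part in (p.strip() for p in set_cookie_value.split(";")):
        name, sep, value = part.partition("=")
        if not part:
            continue
        if sep and name.strip().lower() == "expires":
            try:
                when = parsedate_to_datetime(value.strip().strip('"'))
            except (TypeError, ValueError):
                parts.append(part)  # unparseable date: leave it untouched
                continue
            if when.tzinfo is None:
                # "-0000" parses to a naive datetime; assumed to mean UTC.
                when = when.replace(tzinfo=timezone.utc)
            else:
                when = when.astimezone(timezone.utc)
            part = f"{name}={format_datetime(when, usegmt=True)}"
        parts.append(part)
    return "; ".join(parts)


def parsed_expires(set_cookie_value, key="hello"):
    """Return the expires value SimpleCookie stored for `key`, or None when
    the parser rejected the string and the cookie was not set at all."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    return jar[key]["expires"] if key in jar else None


if __name__ == "__main__":
    for header in (GMT_HEADER, RFC2822_HEADER, normalize_expires(RFC2822_HEADER)):
        print(f"{header!r} -> expires={parsed_expires(header)!r}")
```

With the `-0000` form the parser reads `expires=Wed,` and then hits the bare token `15`, which makes it discard the whole string, so the cookie never reaches the jar.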