hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 33041] - HttpParser fails to parse the cookie header that has a newline character in its value
Date Tue, 11 Jan 2005 12:37:58 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33041>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33041





------- Additional Comments From olegk@apache.org  2005-01-11 13:37 -------
(1) There are tons of CGI scripts written people who have never read the HTTP
spec producing CR delimited headers (or even intermixing CR, LF and CRLF in one
damn request). Problematic sites are too numerous to be simply ignored.

There's no simple solution to this problem, as there's no one way to parse HTTP
packets that would work with all the broken sites out there. See Bug #25468 for
details.

(2) CR in cookie value violates the HTTP state management spec. See RFC 2109
section 4.1 and RFC 2616 section 2.2

Oleg

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message