Return-Path: Delivered-To: apmail-jakarta-httpclient-dev-archive@www.apache.org Received: (qmail 37321 invoked from network); 11 Jan 2005 12:38:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 11 Jan 2005 12:38:03 -0000 Received: (qmail 54587 invoked by uid 500); 11 Jan 2005 12:38:01 -0000 Delivered-To: apmail-jakarta-httpclient-dev-archive@jakarta.apache.org Received: (qmail 54561 invoked by uid 500); 11 Jan 2005 12:38:01 -0000 Mailing-List: contact httpclient-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "HttpClient Project" Reply-To: "HttpClient Project" Delivered-To: mailing list httpclient-dev@jakarta.apache.org Received: (qmail 54544 invoked by uid 99); 11 Jan 2005 12:38:01 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from ajax-1.apache.org (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 11 Jan 2005 04:38:00 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (8.12.11/8.12.11) with ESMTP id j0BCbwwS022543 for ; Tue, 11 Jan 2005 13:37:58 +0100 Received: (from nobody@localhost) by ajax.apache.org (8.12.11/8.12.11/Submit) id j0BCbwD8022541; Tue, 11 Jan 2005 13:37:58 +0100 Date: Tue, 11 Jan 2005 13:37:58 +0100 Message-Id: <200501111237.j0BCbwD8022541@ajax.apache.org> From: bugzilla@apache.org To: httpclient-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 33041] - HttpParser fails to parse the cookie header that has a newline character in its value X-Bugzilla-Reason: AssignedTo X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=33041 ------- Additional Comments From olegk@apache.org 2005-01-11 13:37 ------- (1) There are tons of CGI scripts written people who have never read the HTTP spec producing CR delimited headers (or even intermixing CR, LF and CRLF in one damn request). Problematic sites are too numerous to be simply ignored. There's no simple solution to this problem, as there's no one way to parse HTTP packets that would work with all the broken sites out there. See Bug #25468 for details. (2) CR in cookie value violates the HTTP state management spec. See RFC 2109 section 4.1 and RFC 2616 section 2.2 Oleg -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org