hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julian Reschke (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1006) BrowserCompatSpec: don't trim " around cookie value
Date Thu, 29 Dec 2016 15:02:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15785467#comment-15785467

Julian Reschke commented on HTTPCLIENT-1006:


bq. As far as RFC 6265 goes I would like to understand whether the new spec intended to provide
some degree of backward compatibility with previous specs ...

The spec intends to describe what servers and user agents actually implement. There was no
intent to be compatible with RFC 2965, as that spec isn't used in practice. If RFC 6265 is
incompatible with the original spec (2109) then that happened on purpose (because it didn't
describe how cookies were implemented in practice).

bq. ... and whether or not there is a reference to a generic mechanism for escaping special
characters in header elements.

There is no generic way to handle escaping in header fields. Specs can explicitly opt into
certain syntax variations, such as by invoking the quoted-string ABNF rule from the HTTP spec

> BrowserCompatSpec: don't trim " around cookie value
> ---------------------------------------------------
>                 Key: HTTPCLIENT-1006
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1006
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.0.2
>            Reporter: Marc Guillemot
> If the server sends a cookie header like:
> Set-Cookie: first="hello world"
> then HttpClient parses it as cookie with value >hello world<, wrongly removing
the leading and trailing quotes. The incorrect quote removal occurs in BasicHeaderValueParser.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message