hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Detlev Beutner (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1006) BrowserCompatSpec: don't trim " around cookie value
Date Wed, 04 Jan 2017 15:34:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15798515#comment-15798515

Detlev Beutner commented on HTTPCLIENT-1006:

[~reschke] I will, thanks. Might take some days to write a precise but short text, but I will
follow up on this.

[~olegk] "Why would ..." Simply for reasons of compatibility. If the server creates v1 cookies
following RFC 2109 (or at least close to it), it is not allowed to use "=" (%x3D) in the value
if the value is not a quoted-string (which again is a standard case for BASE64 encoded values).
RFC 6265 can handle such values; an implementation which reads the value and omits the DQs
before sending back the value will break the RFC 2109 logic on the server. (That's the case
in the example given far far above.)

Anyhow, I will come back on this later...

> BrowserCompatSpec: don't trim " around cookie value
> ---------------------------------------------------
>                 Key: HTTPCLIENT-1006
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1006
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.0.2
>            Reporter: Marc Guillemot
> If the server sends a cookie header like:
> Set-Cookie: first="hello world"
> then HttpClient parses it as cookie with value >hello world<, wrongly removing
the leading and trailing quotes. The incorrect quote removal occurs in BasicHeaderValueParser.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message