tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: Aw: Re: why does Rfc6265CookieProcessor throw an IllegalArgumentException when setting a cookie with a domain attribute starting with a . ?
Date Tue, 09 Aug 2016 10:26:37 GMT
On 09.08.2016 12:10, Clemens Fuchs wrote:
> Hi,
>
> Actually I was referring to https://tools.ietf.org/html/rfc6265#section-5.2.3, which
explicitly states, that a leading . in the domain attribute value should be ignored by the
user-agent.
> This implied for me, that a leading . is allowed. You're right with other specs, like
https://tools.ietf.org/html/rfc1034#section-3.5, which says, that the domain name must start
with a letter.
>
> -Clemens

A common application of the general Internet RFC principle "be tolerant in what you 
accept, but strict in what you emit" ? (Postel's law)
see: https://en.wikipedia.org/wiki/Robustness_principle
see also : https://michaelfeathers.silvrback.com/the-universality-of-postel-s-law

>
>
> Gesendet: Freitag, 05. August 2016 um 17:03 Uhr
> Von: "Mark Thomas" <markt@apache.org>
> An: "Tomcat Users List" <users@tomcat.apache.org>
> Betreff: Re: why does Rfc6265CookieProcessor throw an IllegalArgumentException when setting
a cookie with a domain attribute starting with a . ?
> On 5 August 2016 13:48:03 BST, Clemens Fuchs <clemens.fuchs@gmx.net> wrote:
>> Hi,
>>
>> Why does Rfc6265CookieProcessor throw an IllegalArgumentException when
>> setting a cookie with a domain attribute starting with a . ?
>
> Because RFC6265 does not allow domains to start with .
>
>> I didn't find anything in https://tools.ietf.org/html/rfc6265 about
>> this
>
> Then you need to read it more carefully. Hint: you'll need to read other specs as well
since RFC6265 refers to them to define domain.
>
>> and think the Rfc6265CookieProcessor might be to restrictive here.
>
> You'll need to back up that statement with references to the spec that support that position.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message