You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think we should add the following to the Set a Cookie section:
1. If |name| contains U+003D (`=`), then return failure.
Otherwise, a cookie with a name containing = will be incorrectly parsed by the server, which I think is more of a bug than a feature. RFC6265bis doesn't explicitly forbid this right now (this case is only possible for cookies not constructed by parsing a cookie line), but I've opened a ticket there for this as well - httpwg/http-extensions#1593
The text was updated successfully, but these errors were encountered:
I think we should add the following to the
Set a Cookie
section:Otherwise, a cookie with a name containing
=
will be incorrectly parsed by the server, which I think is more of a bug than a feature. RFC6265bis doesn't explicitly forbid this right now (this case is only possible for cookies not constructed by parsing a cookie line), but I've opened a ticket there for this as well - httpwg/http-extensions#1593The text was updated successfully, but these errors were encountered: