Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove implicit path=/ from HTTP::Cookie #10491

Merged
merged 1 commit into from
Mar 16, 2021
Merged

Remove implicit path=/ from HTTP::Cookie #10491

merged 1 commit into from
Mar 16, 2021

Conversation

straight-shoota
Copy link
Member

The path property of an HTTP cookie has no fixed default value and omitting the attribute entirely has significantly different semantics from / (see RFC 6265 §4.1.2.4). Currently, omission is impossible because the HTTP::Cokie#path property is non-nilable (it was nilable prior to #1498 and the serialization code still checks for nil). Thus the parser incorrectly sets path= "/" if the value is omitted, which changes semantics.

This patch makes the path property nilable and removes the default value /.

We could consider keeping / as default in the constructor, if we want the match-all semantics by default. But I think sticking with the standard semantics for omitting the value is better.

bcardiff
bcardiff approved these changes Mar 15, 2021
View reviewed changes
Copy link
Member

@bcardiff bcardiff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the changes in cookie that will ship in 1.0 I think is better to include this one also.

@bcardiff bcardiff added this to the 1.0.0 milestone Mar 15, 2021
@bcardiff bcardiff merged commit 17f153e into crystal-lang:master Mar 16, 2021
@straight-shoota straight-shoota deleted the feature/cookie-path-empty-default branch March 16, 2021 21:29
@waghanza waghanza mentioned this pull request May 2, 2021
Merged
3 tasks
@waghanza
Copy link

waghanza commented May 2, 2021

@bcardiff seems that doc is outdate in https://crystal-lang.org/api/1.0.0/HTTP/Cookies.html#[]=(key,value:String)-instance-method

@straight-shoota straight-shoota mentioned this pull request May 3, 2021
Merged
@straight-shoota
Copy link
Member Author

@waghanza Thanks for mentioning, should be fixed with #10669

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcardiff bcardiff bcardiff approved these changes

Assignees
No one assigned
Labels
kind:bug topic:stdlib:networking
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@straight-shoota @waghanza @bcardiff